Article ID: 175805
Article Last Modified on 5/2/2006
APPLIES TO
- Microsoft Visual InterDev 1.0 Standard Edition
This article was previously published under Q175805
SYMPTOMS
When using NT Challenge/Response authentication, individuals accessing the site from the Internet receive "Error: Access Is Denied" when trying to access a secure Web page or directory.
Users connecting to the site internally (via corporate LAN) and logged onto the authorized NT Domain are granted access.
CAUSE
NT Challenge/Response (NTLM) is unable to authenticate users who do not have a direct connection to the Internet Information Server (IIS) server. Therefore, users coming to a site through a corporate or ISP Proxy server will receive the "Error: Access Is Denied" message.
RESOLUTION
In order to secure the site for use from the Internet, Basic Authentication must be turned on and NTLM should be turned off. This will allow the individual accessing the page from the Internet the opportunity to enter a valid NT account name and password.
STATUS
This behavior is by design.
MORE INFORMATION
NT Challenge/Response is designed to be used primarily for corporate intranets that use the NT Domain authentication model. Basic security is provided for Web administrators who want to have user authorization on their public Internet site.
Steps to Reproduce Behavior
- Turn NT Challenge/Response On in Internet Service Manager.
- Create a secure directory on you Web server, thereby removing IUSR_machinename and Everyone from the access list
- Put or create a HTML page in the secure directory.
- Access the page coming from the public Internet.
REFERENCES
For the latest Knowledge Base articles and other support information on Visual InterDev and Active Server Pages, see the following page on the Microsoft Technical Support site:
Additional query words: Internet Security, IIS, NTLM
Keywords: kberrmsg kbprb KB175805