Why does IIS ask for a password when I type http://localhost?
WISEMANOFNARNIA
"http://localhost" in my browser, I'm asked for a password.
I looked at IIS with the IIS Manager, and I do have anonymous access
enabled.
I thought that perhaps folder permissions are the problem, but I
looked at wwwroot, and it doesn't seem to allow setting of permissions
at all. Maybe a Windows XP media computer simply doesn't have
permissions.
I am logged on as a user who is part of the administrators group.
Any help is appreciated.
-- Marv
Ken Schaefer
In Explorer goto Tools -> Folder Options -> uncheck "Use Simple File
Sharing". This will then give you a security tab when you go to the
properties of a folder.
Ensure that the configured anonymous user (IUSR_<machinename> by default)
has Read (RX) permissions to the content.
Cheers
Ken
"WISEMANOFNARNIA" <COHEN...@LYCOS.COM> wrote in message
news:540deca7-980e-4045...@o20g2000vbh.googlegroups.com...
David Wang
group eliminates seeing password prompts or getting access denied on
the machine.
Administrators have the ABILITY to get around those issues, but it
does NOT mean that it won't see them.
For example, if a file has Deny ACL for Administrators, you WILL get
access denied for that file -- the system does not care if you are
Administrator or not. However, Administrators have the unique ability
to change that ACL to Allow and thus ultimately gain access.
When you enable anonymous access and type "http://localhost", it does
NOT mean it eliminates password prompts or access denied, either.
Enabling Anonymous access simply tells the web server "if the remote
user does not provide credentials, use a configured anonymous user
instead". However, files can still be missing Allow ACL or have a Deny
ACL for that anonymous user, so you get access denied or password
prompts.
And the fact that you are in the Administrators group means nothing to
the web server unless you authenticate to the web server as the
Administrator to regain those privileges. Enabling anonymous access
bypasses that authentication process, so you never end up proving you
are an Administrator to the web server. Thus, you may run with
Administrator credentials in a web browser on the same machine as the
web server, but to the web server and everything you access via the
web server, you are NOT the Administrator.
It may seem bizarre to you that both the web browser and web server
are on the same machine so why doesn't the web server "automatically"
treat you with the special permissions of Administrator, but that is
standard Client-Server Architecture behavior. From a web server's
perspective, a request from you on the server's machine itself is no
different than a request from a hacker on any machine. The only
difference is that you know the administrator password and thus can
PROVE to the web server through Authentication that you are who you
claim.
Getting back to your original question -- accessing http://localhost
returning password prompt means that a 401 error is returned by the
server for whatever reason back to the browser, which triggers the
password prompt. The question that you must answer is WHY the server
is returning a 401 error, and that is an entire journey in itself. You
can start with the following URL to troubleshoot why the 401 is
happening --
http://blogs.msdn.com/david.wang/archive/2005/07/14/HOWTO_Diagnose_IIS_401_Access_Denied.aspx
What I think is happening in your case is that http://localhost ends
up triggering a Default ASP page to load, and that ASP page is trying
to load some component which it cannot, and on that failure, a 401 is
returned. However, you will need to go through the troubleshooting
process detailed earlier to figure it out.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//