Can't connect IIS ISAPI Tomcat to BASIC Authentication via Tomcat
We have successfully configured IIS in front of two Tomcat instances using isapi_redirect.dll. He does everything well and we were very happy. Now, however, we are using one of the Tomcat instances to serve web services over AXIS. This requires BASIC Auth and .NET clients fail.
+ .NET clients can bypass IIS by surfing to "site: 8180" and they are fine + Java clients can get to IIS and ISAPI passes them and they authenticate just fine using basic.
+ .NET files that end up in IIS cannot be authenticated using the same file.
Fiddler reports this session:
HTTP / 1.1 401 Unauthorized use Date: Wed, 07 Jan 2009 14:31:59 GMT
Server: Microsoft-IIS / 6.0
WWW-Authentication: NTLM
X-Powered-By: ASP.NET
Pragma: No- cache
Cache-Control: no-cache
Expires: Wed Dec 31 1969 19:00:00 EST
WWW Authentication: base area = "daily control module"
Content-Type: text / html; charset = utf-8
Content-length: 954
Proxy support: Session-based authentication
It launches what looks like a basic auth dialog, but instead of asking us to authenticate the daily management module, it asks us to authenticate to the Windows server. And of course the IIS server asks for NTLM authorization. If I configure the whole server to use Basic Auth, I get this from Fiddler:
HTTP / 1.1 401 Unauthorized use Content-Length: 1656
Content-Type: text / html
Server: Microsoft-IIS / 6.0
WWW-Authentication: Basic Scope = "serverName "
X-Powered-By: ASP.NET
Date: Wed, 07 Jan 2009 15:08:32 GMT
Sigh. Basic, but now the basic realm has been changed to IIS server. So if I set up the whole server for authentication on Basic realm, Daily Control Module, then I get the following:
HTTP / 1.1 401 Unauthorized use Date: Wed, 07 Jan 2009 15:11:45 GMT
Server: Microsoft-IIS / 6.0
WWW -authentication: base realm = "daily management module"
X-Powered-By: ASP.NET
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed Dec 31 1969 19:00:00 EST
WWW Authentication: Basic area = "daily management module"
Content-Type: text / html; charset = utf-8
Content-Length: 954
Weird with double WWW-Auth headers, no? Anyway, authentication using the same file that works directly with Tomcat fails whether I specify the domain or not.
At this time:
+ Anon is off
+ Built-in Windows Auth is off
+ Basic auth is On, with the scope configured as Daily Control Module
Thanks for watching.
source to share
What is the directory security configuration?
Are you sure only basic authentication is enabled?
Another point. Perhaps at the iis level you should be using anonymous authentication. And is tomcat in charge of implementing basic authentication exchange?
The source of the problem (from the header you posted) is that the .net client recognizes that the site maintainer supports ntlm authentication. And try to authenticate with this protocol. The java client just ignores the ntlm parameter, so it uses any other authentication protocol supported by the site.
You must ensure that Integrated Authentication is not enabled at the site and file level.
source to share