Search results matching tag 'Authentification'

What to do for a rootkit...

rgsnowman — Sun, 14 Jun 2009 13:01:38 GMT

I have recently found a rootkit on my computer through AVG and am wondering how to get this thing off. I tried to get AVG to delete it but it said it cannot. I heard you can re-install windows vista and also restore default settings but I am not sure if that deletes everything and I'll have to get external hd and if the rootkit would get itself into there and I'd be re-installing a rootkit. This rootkit is screwing up my xps one it tiny ways, it changed all my security setting and turned my anti-viruses off and I can't turn them back on, messed up background, screwed up start menu and toolbar, and the side panel. I just want to know the best way to get this off computer. Thanks in advance.

Integrated windows authentication IIS6.0 on two sites behaves differently

tautau — Fri, 08 May 2009 14:36:55 GMT

I have a webserver with 2 websites running, The webserver is in a domain.

The sites are set up identical so why onlly one works i Can't figure out

site1 works perfectly with single sign on

site 2 user is prompted with username and password

I have checked that the both appPools runs with networkService user.

Please let me know whhat you need of information and i will provide it as soon as possible

Best regards

tautau

IIS Access to SQL Server

hrscott — Fri, 24 Apr 2009 22:54:52 GMT

Had to rebuild an XP Pro desktop (SP3) with IIS 5.1. Running a Visual Studio web application that will not connect to a remote SQL Server throught IIS. Get Server does not exist or access denied. Here are the facts:

> Duplicate workstation works fine with exact same web app

> IIS will connect to local sql server fine.

> Visual Studio's web server connects fine to remote & local sql server.

> All other software (vb, access/odbc, Enterprise Mgr...) connects to remote server.

> Firewall has been turned off.

There must be some security setting that I'm missing on IIS.

Any ideas?

IIS 7 on vista home premium

jstallard — Thu, 12 Mar 2009 08:06:22 GMT

I am playing around with IIS 7 on vista home premium to setup a website.

I created a test.html page and placed it into the wwwroot directory. I can access it by navigating to localhost. However when accessing from a public network I keep getting the username and password logon window.

I have configured anonymous authentication is enabled with the ISS-IUSR account for anonymous access. with all other authentication disabled.

This did not work, so I Created a local account with a password for the anonymous authentication, with the same results.

Any suggestions on how to configure anonymous access to a web page would be helpful.

Membership Provider using client certificates(PKI)

jlavender — Wed, 04 Mar 2009 11:11:51 GMT

Does anyone know how difficult PKI authentication is to use for asp.net applications? I set up a really simple website on a Server 2003 machine running IIS 6 and I found documentation on enabling client authentication using client certificates(PKI) in IIS but I don't see how to tie this into my .net web application as a membership provider. I would think it would work just like Windows Authentication but it doesn't seem to.

Any ideas/advice or tutorials would be greatly appreciated.

Thanks

Allow local user on SSO forms–based authentication

c21Vince — Wed, 11 Feb 2009 11:27:19 GMT

Hi all,

I'm using IIS5.1 and am setting a forms–based authentication for a multi site platform. For now, I can make it work but still cannot manage to allow a local user to be allowed.

Eventhoug I config the web.config file this way by example:

The local user will just have a blank page without any redirection or direct access.

I could not find any proof what I want to do is doable but I should, shouldn't it?

What am I missing ?

Thanks a lot for any help.

Vince

COMException (0x80072020): An operations error occurred. HELP

grub425 — Thu, 05 Feb 2009 21:39:37 GMT

I have an application that is using LDAP only with Single Sign On running on a windows 2003 server, running iis 6.0My Domain Functional Level: Windows 2003 Server, Forest Functional level: Windows 2003My web.config authentication is set:
<authentication mode="Windows"/>
<identity impersonate="true"/> Users login, retrieve a document and are logged off. In a 2 hrs period 1250 users will login and out of the application and 10 users will fail. The same user will have access documents minutes before the failure and minutes after the failure. Error message:
Warning: GetUserDN('testuser') from 'LDAP://DC=domain,DC=com': System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred. On the web server I will see the user authenticated with NTLM instead of Kerberos

Bad Entry:Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: TESTMACHINE
Logon GUID: -

Vs: Good Entry: Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name:
Logon GUID: {ad208202-d700-fcfc-5782-713441f31ef8} If I run and test webpage from the user workstation to retrieve the users credential It returns: You have connected from your browser to IIS using Kerberos authentication and verifies that the SPN is ok.Also the .ini file for the application open a login file which has modify rights for all users but when the login fails using a filemon trace I see an access denied error for the log. Kerberos settings in the domain are: Policy Setting
Enforce user logon restrictions Enabled
Maximum lifetime for service ticket 60 minutes
Maximum lifetime for user ticket 7 hours
Maximum lifetime for user ticket renewal 10 days
Maximum tolerance for computer clock synchronization 5 minutes Server and service accounts have delegation set to trust this computer for delegation to any service (kerberso only). Below I have included the code for the function. Any suggestions on what to try or set to resolve this?

Imports System.DirectoryServices '------------------------------------------------------------------------------------ ' Returns user distinguished and full names for given user account name. '------------------------------------------------------------------------------------ Private Function GetUserDN(ByRef name As String, ByRef outFullName As String) As String GetUserDN = String.Empty Dim logMsg As String Dim adsPath As String = adsPathPrefix & searchNC logMsg = String.Format("Searching '{0}' in '{1}'", name, adsPath) DbugLog(TypeName(Me), logMsg, gc_LogDebug4) Try Dim searchRoot As DirectoryEntry = New DirectoryEntry(adsPath) searchRoot.AuthenticationType = authType ' default is AuthenticationTypes.Secure searchRoot.Options.Referral = refChasingOption ' default is ReferralChasingOption.None Dim searcher As DirectorySearcher = New DirectorySearcher(searchRoot) //// THIS IS A .NET OBJECT, System.DirectoryServices.DirectorySearcher //// searcher.Filter = String.Format("(&(objectClass=user)(objectCategory=person)(sAMAccountName={0}))", name) searcher.PropertiesToLoad.Add("cn") searcher.PropertiesToLoad.Add("distinguishedName") searcher.SearchScope = SearchScope.Subtree Dim result As SearchResult = searcher.FindOne() ///// THIS CALL FAILS ///// If Not result Is Nothing Then outFullName = result.Properties("cn")(0) GetUserDN = result.Properties("distinguishedName")(0) logMsg = String.Format("Found '{0}': CN='{1}', DN='{2}'", name, outFullName, GetUserDN) Else logMsg = String.Format("'{0}' not found", name) End If DbugLog(TypeName(Me), logMsg, gc_LogDebug4) Catch ex As Exception logMsg = ex.ToString() logMsg = String.Format("GetUserDN('{0}') from '{1}': {2}", name, adsPath, logMsg.Remove(logMsg.IndexOf(vbCrLf & vbCrLf))) DbugLog(TypeName(Me), logMsg, gc_LogWarning) End Try End Function

The ”name” parameter is obtained from Windows as the name of the user the current thread is impersonating – the delegated end user. That’s how GetUserDN() is called:

. . .

If authName = "" And authPassword = "" Then ' Single Sign-On userName = System.Security.Principal.WindowsIdentity.GetCurrent.Name logMsg = String.Format("Will authenticate as '{0}' (no input credentials, using thread identity)", userName) userName = userName.Remove(0, userName.LastIndexOf("\"c) + 1) Else userName = authName logMsg = String.Format("Will authenticate as '{0}' (using input credentials)", IIf(authDomain = "", authName, authDomain & "\" & authName)) End If DbugLog(TypeName(Me), logMsg, gc_LogDebug4) ' Bind to rootDSE with authentication rootDSE = BindToObject("rootDSE") If rootDSE Is Nothing Then Exit Function ' ====> Could not bind or authentincate - logon failed. ///// THIS CALL SUCCEEDS SINCE WE ALWAYS ENTER GetUserDN() BELOW //// If searchNC = "" Then ' Find the default naming context. //// THIS IS THE SEARCHBASE, OPTIONALLY SET IN vssystem.ini: [LDAP] SEARCHBASE=your_base_DN //// searchNC = rootDSE.Properties("defaultNamingContext")(0) End If ' Find the user's distinguished and full names Dim fullName As String Dim userDN As String = GetUserDN(userName, fullName) If String.IsNullOrEmpty(userDN) Then Exit Function ' ====> User not found - logon failed.

. . .

ASP permission problem - HTTP Error 401.3

JayRO — Sat, 10 Jan 2009 18:25:06 GMT

Problem: a specific Global Security Group can not load ASP pages (but can load HTML pages).

Goal: allow access to the secure website files and directories according to Global Group membership. This is a medical industry customer, so HIPAA compliance is mandatory (i.e. file access and restrictions must be thoroughly configured and maintained).

Environment: Windows 2003 Server, Std. Ed., single server with Active Directory. IIS is serving a secure website to employees and customers (amongst other non-related functions). IIS has been configured with a commerical Server Certificate to encrypt communication betweeb the server and clients on the internet. Anonymous access has been disabled, so users are required to log in to the website with their username/password. (This was a 2000 Server, upgraded to 2003). I created a disk partition just for website files.

Detail: The employees are members of the Global Group 'Domain Users'. No problems for the employees to access the website. The customers are members of the Global Group 'Web Site Users' (and removed from Domain Users group). There is a virtual directory mapped at the root level of the website named 'CustomerStuff' that maps to the 'CustomerFiles' directory (located at another drive/directory location).

In the CustomerFiles directory, I created a simple test.html page which the customer can browse to successfully. I copied the test.html to test.asp (leaving the HTML markup as-is, no ASP scripting added), and browsing for the customer is denied: "HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource."

By adding the 'Web Site Users' group to 'Domain Users' group, then browsing ASP pages succeeds. This solution is not acceptable, as the customers would then have unauthorized access to sensitive patient information.

Attempts to resolve:
- The permissions for test.html and test.asp are identical (being in the same directory, access to the directory is not an issue). I am fairly certain this is NOT a file permissions issue. I believe this to be some type of process level or possibly registry access permissions issue.
- Using SysInternal's "Process Monitor" app, I have repeatedly monitored browsing of test.html and test.asp both successful and unseccessful access. Absolutely nothing presents itself as access denied in the Process Monitor log, and I can not detect where the process becomes different for the 401.3 error.
- I have turned on failure auditing for:

- System drive (including entire WINNT structure).
- entire partition<> for ClientFiles,
- entire partiton for website files
- HKLM in the registry
- all Audit Policies available in GPO

No FAILURE entries are to be found in the Security log.
<>
I have attempted every trick I know of (and could find on the internet) to determine what is causing the 401.3 access denied error. I have also tried numerous tweaks to file structure and User Rights permissions in an effort to find what is needed to allow the ASP page to load (but I am very hesitant to be too aggressive opening permissions, as this site needs to stay secure).

Thanks in advance for any ideas, as I now have over 10 hours troubleshooting this issue.

--Jay Ohman

Replace Popup for Windows Integrated Authentication using LogonUser

CraigWU — Thu, 04 Dec 2008 17:52:12 GMT

I have a website which I'm customizing but is part of a third-party helpdesk application. The application used Windows Integrated Authentication, and I'm trying to figure out if its possible to get rid of the annoying popup asking for UserName and Password. I've seen several articles about implementing Mixed Mode, but they always assume the general site is Forms Authenicated, and the Windows Integrated Authentication is used to create tokens for the Forms site.

I'd like to know if its possible to cache the users credentials in the HttpContext.Current.User so the popups can be avoided in Windows Integrated Authentication?

What I've done so far: I've created a directory in my site that allows Anonymous access and put my logon page there. I'm able to successfully direct the initial logon to this page, and usiing LogonUser (advapi32.dll), I can validate the users credentials. Then once validated, I can create WindowsIdentiy and assign the HttpContext.Current.User to this. It all works fine until I redirect to a page which requires Windows Authentictation, because I get the popup. Here is my code:

If LogonUserA(sUserName, sDomain, sPassword, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, tokenHandle) Then
     identity = New WindowsIdentity(tokenHandle, "NTLM", WindowsAccountType.Normal, True) 
     HttpContext.Current.User = New WindowsPrincipal(identity) 
     Response.Redirect(blah...)
End If

I know that once I'm prompted, I can logout of the applicatoin and backin without being prompted again.  Also, any browser session that I create from this session is also already authenticated.

What I would like to figure out is how can I cache the WindowsPrincipal I create so that is acts that same way?  Is this even possible?

403.7 64 on IIS 6 on both XP 64 and server 2003 R2 64

Carrots — Mon, 03 Nov 2008 15:01:01 GMT

In the IIS logs, our client has found a bunch of 403.7 64 's being logged. Most of them are to /VirtualDirectoryName, for example:

2008-10-30 06:41:00 W3SVC3 xxx.xxx.xxx.xxx GET /VirtualDirectoryName - 443 - xxx.xxx.xxx.xxx Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.04506
.30;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) 403 7 64

These happen quite often, sometimes 4 or so requests in a row.
Directory browsing is disabled on the sites, and the default page is set to default.htm which exists, so theoretically, there should be no requests for the path.
I have enabled schannel logging, but couldnt find one matching the timestamp in IIS. For example, in IIS we have one for 2008-10-30 11:49:50, and in event viewer we have one for 11:49:52 and one for 11:49:45. I also couldnt find a patter that makes it look like the one is trailing the other by a couple of seconds.

All the IIS requests are on port 443, none are on 80.

Schannel logs information events, but no warnings.
The client confirmed that the system logs and IIS logs were from the same server.

They run Windows 2003 x64 R2 on a NLB cluster. The machines in the testing environment is a single machine only.
I am able to intermittently reproduce it on my own environment (XP 64). One out of 20 times doing the exact same actions will give me the error in the logs. The error does not affect the user at all.

Testers currently test on Windows XP 32, with IE6, IE7 and Firefox, using software certs, or in some cases USB tokens. I replicated using a software cert.

Now this does not sound like something I should be spending my time on, but the client is being audited, and this has been raised as a concern by the auditing company.