IIS 7 and Above
ISX playlists and web security
Last post Mar 22, 2014 01:32 PM by kolvadw
Mar 20, 2014 09:58 AM|kolvadw|LINK
As mentioned previously I am using IIS media services to serve up mp3 files for a whole house automation web site. I've run into a bit of a problem. As long as I have the web site set for annonymous access it all works file. If I switch it to either Basic
or NTLM authentication the site not only prompts for the first page (as expected), but also prompts for credentials for each song in the .ISX file. This can't be the expected behavior... It's not a permissions issue as all files have access set for the users
group and all users are members of that too. (plus it all works as annonymous). I keep entering the same username and password and it goes on to the next song...
Any idea what is causing this and how to fix it?
Mar 20, 2014 10:22 AM|Rovastar|LINK
Are you going through reverse roxies or network kit like load balancers?
Does administrator account do this?
Does it work locally?
Mar 20, 2014 05:19 PM|kolvadw|LINK
This is a pretty simple home setup there is only the one server. From the Internet is sits behind a little cisco router. But the behavior is the same whether I use the Internet name or internal IP for the server. The behavior is also the same whether
I use a regular user account or an account in the admin group. Under annonymous everything works fine and no prompts. All files accessible. I go into IIS manager switch to basic, stop and restart the site and from then on ever song in the .isx file prompts
for a username and password. The initial prompt for the site looks like a Windows prompt and shows my cached username and password. Once I access a playlist a different plain black and white prompt comes up for each song saying the site uses basic authentication
which may not be secure. Each time I use the cached credentials and click login the next song plays.
There doesn't appear to be any events logged on the server during this behavior.
Hope that helps...
Mar 22, 2014 01:32 PM|kolvadw|LINK
Ok, while not "answered" I did find a workaround. I moved the .isx files to a separate annonymous web site and tighted down the security on the calling site that has the home control content. That way the home control links are secure, but whenever someone
selects an album to play the call goes to an IIS playlist on the annonymous site.