• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Prevent Anonymous Access Attempt

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> SharePoint Publishing >> Prevent Anonymous Access Attempt Page: [1]
Login
Message << Older Topic   Newer Topic >>
Prevent Anonymous Access Attempt - 15.Jun.2009 1:44:39 PM   
jmarsetta

 

Posts: 6
Joined: 18.Aug.2007
Status: offline
So I've setup KDC to my sharepoint and reporting services sites and it works quite well save for one small issue I cannot seem to figure out. When a user attempts to access the sharepoint site from the internet, there is a delay before he is prompted for "basic" credentials, after credentials are entered everything works great. When I monitored the logging I found that Isa is trying to access the site anonymously first and after the requests times out, only then does it prompt for credentials. The publishing rule only applies to authenticated users and the listener requires everyone to authenticate, so I do not know why it keeps trying to connect anonymously first. Does anyone have any thoughts on this?

I've setup kerberos internally so anonymous access is disabled on all IIS instances.
Post #: 1
RE: Prevent Anonymous Access Attempt - 15.Jun.2009 6:13:06 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
The web browser will always try to connect annonymously and will only provide authentication when a 407 (auth required) is returned by ISA.

This normal, by design, behaviour...

Cheers

JJ


_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to jmarsetta)
Post #: 2
RE: Prevent Anonymous Access Attempt - 26.Jun.2009 2:57:50 PM   
jmarsetta

 

Posts: 6
Joined: 18.Aug.2007
Status: offline
I know believe the delay was a result of CRL checking, I was using an internal MS PKI generated SSL cert and when I moved into production, I used our existing verisign certificate. After the transition the login prompt appears almost immediately, it would seem the log entries were somewhat of a red herring in relation to the 'auth delay' issue.

I now have a working KCD implementation with delegation as follows

ISA delegating credentials to the following distributed services with only 1 password prompt from the internet:

  • Reporting and Analysis Services on SQL2005 machine #1
  • SQL connection on SQL2005 machine #2
  • IIS 6 on machine #3
  • Sharepoint 2007 Portal as the presentation layer for the previous 3 machines

Regards


(in reply to jmarsetta)
Post #: 3
RE: Prevent Anonymous Access Attempt - 26.Jun.2009 3:24:20 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Cool

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to jmarsetta)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> SharePoint Publishing >> Prevent Anonymous Access Attempt Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts