Posting Acceptor Repost Fails When You Use Internet Explorer 5 with NTLM Security (259789)
The information in this article applies to:
- Microsoft Site Server 3.0
This article was previously published under Q259789 SYMPTOMS
When you use Posting Acceptor to upload files, reposting fails if you use Windows NT NTLM security. Even though the content is uploaded successfully, the repost fails and the confirmation page returns the following error message:
You are not authorized to view this page
CAUSE
When you upload a file by using the Site Server Posting Acceptor, Cpshost.dll calls WinInet to process Repost.asp. A security problem in Internet Explorer 4.0 allows Repost.asp to be called when you use NTLM security and perform a repost operation without proper authentication.
This security bug has been fixed in Internet Explorer 5. As a result, uploads fail on Repost.asp. NTLM authentication allows a client to access a server that has authenticated with the system. The ImpersonateLoggedonUser API supports impersonation against a server on behalf of a client. However, another server cannot be accessed without performing another authentication. The reposting process to the second server is done without performing such an authentication.
WORKAROUND
To work around this problem, do one of the following:
- Use Basic authentication or configure Allow Anonymous.
- Use Basic authentication with SSL to provide a secured connection.
- Use Windows NT 4.0 and Internet Explorer 4.0 with Site Server 3.0 Service Pack 3 (SP3).
RESOLUTION
Microsoft Internet Publishing Provider does not make use of WinInet, and therefore, does not share the NTLM authentication issue.
STATUSMicrosoft has confirmed that this is a problem in Site Server 3.0.
Modification Type: | Major | Last Reviewed: | 10/16/2002 |
---|
Keywords: | kbbug kbQFE KB259789 |
---|
|