Repeated prompts for user name/password using Digest Authentication with IIS (291373)


The information in this article applies to:

  • Microsoft FrontPage 2002
  • Microsoft FrontPage 2000
This article was previously published under Q291373
For a Microsoft FrontPage 97 and Microsoft FrontPage 98 version of this article, see 275123.

SYMPTOMS

When you attempt to use Microsoft FrontPage 2000 Service Release 1 (SR-1) or Microsoft FrontPage 2002 to author a Web site using Digest Authentication on a server running Microsoft Internet Information Services (IIS), you are continually prompted for a user name and password.

If you click Cancel in the Password dialog box, the Wecerr.txt file will contain an error message similar to the following:
01/01/2001 12:00:00

You are not authorized to perform the current operation.
NOTE: Microsoft Internet Information Services (IIS) version 5.0 and later can use a form of Internet security named Digest Authentication, which is defined in a Requests For Comment (RFC). An RFC is a document series that describes the Internet suite of protocols and related experiments.

For more information about Digest Authentication, please see the RFC 2617: HTTP Authentication: Basic and Digest Access Authentication document located at the following Web site:

http://rfc.net/rfc2617.html

CAUSE

This problem can occur if the Web site is not configured for Anonymous access to the Shtml.dll file in the FrontPage Server Extensions. In addition to using Digest Authentication to authenticate users for Web authoring, Microsoft FrontPage also needs Anonymous access to the Shtml.dll file for certain other operations.

RESOLUTION

To correct this problem when using Digest Authentication, enable Anonymous access. To do this, follow these steps:
  1. On the Windows Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
  2. Right-click the Web site on which you want to enable Anonymous access and click Properties on the menu that appears.
  3. In the Properties dialog box, click the Directory Security tab.
  4. In the Anonymous access and authentication control section, click Edit.
  5. In the Authentication Methods dialog box, click to select the Anonymous access check box and click OK.

    NOTE: The Digest authentication for Windows domain servers check box should already be selected.
  6. Click OK to close the Web site Properties dialog box.

WORKAROUND

As an alternative to using Digest Authentication, FrontPage 2000 Service Release 1 (SR-1) and FrontPage 2002 support the following authentication methods on IIS:
  • Windows Integrated Security on Microsoft Windows 2000.
  • Windows NTLM on Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows Millennium Edition (Me), and Microsoft Windows NT 4.0.
  • Basic/Clear Text on all versions of Windows.
NOTE Basic authentication should be used only in conjunction with Secure Authoring (SSL) to protect user names and passwords. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

205698 How to use Secure Sockets Layer to help protect pages in your Web

For more information about these authentication methods, click the following article number to view the article in the Microsoft Knowledge Base:

264921 How IIS authenticates browser clients

MORE INFORMATION

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

222028 Setting up Digest Authentication for use with Internet Information Services 5.0

Modification Type:MajorLast Reviewed:8/4/2006
Keywords:kbfix kbprb KB291373
©2004 Microsoft Corporation. All rights reserved.