PRB: "Access Is Denied" Error When You Expect Logon Dialog Box to Appear (175805)

SYMPTOMS

When using NT Challenge/Response authentication, individuals accessing the site from the Internet receive "Error: Access Is Denied" when trying to access a secure Web page or directory.

Users connecting to the site internally (via corporate LAN) and logged onto the authorized NT Domain are granted access.

CAUSE

NT Challenge/Response (NTLM) is unable to authenticate users who do not have a direct connection to the Internet Information Server (IIS) server. Therefore, users coming to a site through a corporate or ISP Proxy server will receive the "Error: Access Is Denied" message.

RESOLUTION

In order to secure the site for use from the Internet, Basic Authentication must be turned on and NTLM should be turned off. This will allow the individual accessing the page from the Internet the opportunity to enter a valid NT account name and password.

MORE INFORMATION

NT Challenge/Response is designed to be used primarily for corporate intranets that use the NT Domain authentication model. Basic security is provided for Web administrators who want to have user authorization on their public Internet site.

Steps to Reproduce Behavior

Turn NT Challenge/Response On in Internet Service Manager.
Create a secure directory on you Web server, thereby removing IUSR_machinename and Everyone from the access list
Put or create a HTML page in the secure directory.
Access the page coming from the public Internet.

REFERENCES

For the latest Knowledge Base articles and other support information on Visual InterDev and Active Server Pages, see the following page on the Microsoft Technical Support site:

http://support.microsoft.com/search/default.aspx?qu=vinterdev