Problems with User IDs and Passwords Containing Special Characters with Windows NT Challenge/Response Authentication (296688)


The information in this article applies to:

  • Microsoft Internet Explorer (Programming) 4.0, when used with:
    • the operating system: Microsoft Windows 2000
    • the operating system: Microsoft Windows 98
  • Microsoft Internet Explorer (Programming) 4.01, when used with:
    • the operating system: Microsoft Windows 2000
    • the operating system: Microsoft Windows 98
  • Microsoft Internet Explorer (Programming) 4.01 SP1, when used with:
    • the operating system: Microsoft Windows 2000
    • the operating system: Microsoft Windows 98
  • Microsoft Internet Explorer (Programming) 4.01 SP2, when used with:
    • the operating system: Microsoft Windows 2000
    • the operating system: Microsoft Windows 98
  • Microsoft Internet Explorer (Programming) 5, when used with:
    • the operating system: Microsoft Windows 2000
    • the operating system: Microsoft Windows 98
  • Microsoft Internet Explorer (Programming) 5.01, when used with:
    • the operating system: Microsoft Windows 2000
    • the operating system: Microsoft Windows 98
  • Microsoft Internet Explorer (Programming) 5.01 SP1, when used with:
    • the operating system: Microsoft Windows 2000
    • the operating system: Microsoft Windows 98
This article was previously published under Q296688

SYMPTOMS

If a user is prompted for his or her credentials from a Web server that supports Windows NT Challenge/Response authentication, a dialog box with three input lines (for the user ID, password, and domain) is presented to the user. If the user ID, password, or domain entry contains a special character with a code point outside of the range from 32 to 126, the user's account is not granted access to the resource. If the password contains the special character, domain policies may force the account to be locked out after multiple retries.

CAUSE

The input fields in Internet Explorer are interpreted as ASCII input fields. Input that is entered by using the keyboard is encoded with the ANSI code page. The domain controller detects that an incorrect user ID or password has been typed because the character mapping between ASCII and ANSI is different for multiple characters (including language-specific special characters such as the German umlaut character).

Only characters that are identical in ASCII and ANSI are treated correctly. These characters have the same mapping in ANSI and ASCII: 

!"#$%&'()*+,-./ 
0123456789:;<=>?
@ABCDEFGHIJKLMNO
PQRSTUVWXYZ[\]^

WORKAROUND

To work around this issue, use either of the following methods:
  • Allow only characters in the upper table to be used for the user ID and password.
  • Use Basic authentication.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
Modification Type:MajorLast Reviewed:5/8/2003
Keywords:kbenv kbprb KB296688
©2002 Microsoft Corporation. All rights reserved.