Don't want security

Thanks a lot for your help

But if do so, I got the following message even when I type in
"http://ABC/website":
You are not authorized to view this page
You do not have permission to view this directory or page due to the
access control list (ACL) that is configured for this resource on the Web
server.
--------------------------------------------------------------------------

Please try the following:

a.. Contact the Web site administrator if you believe you should be
able to view this directory or page.
b.. Click the Refresh button to try again with different
credentials.
HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on
the requested resource.
Internet Information Services (IIS)



"Ohaya" <ohaya RemoveThis @cox.net> wrote in message news:3F933534.BAF9A732@cox.net...
 > JL,
 >
 > Under the Properties for that website, go to the "Directory Security",
 > then under "Authentication and Access Control", and check if:
 >
 > 1) "Allow anonymous" is checked, and
 >
 > 2) All the check boxes under "Authenticated Access" are unchecked.
 >
 >
 >
 >
 >
 > JL wrote:
  > >
  > > I have a machine running win2003 server IIS 6.0. It's within a intranet
  > > enviroment in the company. I use it to host a web application. The
machine's
  > > name is "ABC", it's full name is: "ABC.company.com"
  > >
  > > The problem is when I access the website by type in
"http://ABC/website",
  > > it's working fine without asking any password. But I access it from a
  > > machine which is not inside the company intranet by this way. But if I
type
  > > in "http://ABC.company.com/website", it always asks you password which
is
  > > very annoyed. Could anybody tell me why and I would be very appreciate?<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Don't want security 

And which part don't you understand? Just check and fix the file system
permissions on your web site files.

Jerry

"JL" <ljmagzine.DeleteThis@hotmail.com> wrote in message
news:%238fmZ0qlDHA.1764@tk2msftngp13.phx.gbl...
 > Thanks a lot for your help
 >
 > But if do so, I got the following message even when I type in
 > "http://ABC/website":
 > You are not authorized to view this page
 > You do not have permission to view this directory or page due to the
 > access control list (ACL) that is configured for this resource on the Web
 > server.
 > --------------------------------------------------------------------------
 >
 > Please try the following:
 >
 > a.. Contact the Web site administrator if you believe you should
be
 > able to view this directory or page.
 > b.. Click the Refresh button to try again with different
 > credentials.
 > HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set
on
 > the requested resource.
 > Internet Information Services (IIS)
 >
 >
 >
 > "Ohaya" <ohaya.DeleteThis@cox.net> wrote in message news:3F933534.BAF9A732@cox.net...
  > > JL,
  > >
  > > Under the Properties for that website, go to the "Directory Security",
  > > then under "Authentication and Access Control", and check if:
  > >
  > > 1) "Allow anonymous" is checked, and
  > >
  > > 2) All the check boxes under "Authenticated Access" are unchecked.
  > >
  > >
  > >
  > >
  > >
  > > JL wrote:
   > > >
   > > > I have a machine running win2003 server IIS 6.0. It's within a
intranet
   > > > enviroment in the company. I use it to host a web application. The
 > machine's
   > > > name is "ABC", it's full name is: "ABC.company.com"
   > > >
   > > > The problem is when I access the website by type in
 > "http://ABC/website",
   > > > it's working fine without asking any password. But I access it from a
   > > > machine which is not inside the company intranet by this way. But if I
 > type
   > > > in "http://ABC.company.com/website", it always asks you password which
 > is
   > > > very annoyed. Could anybody tell me why and I would be very
appreciate?
 >
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Don't want security 

JL,

I think that you have gotten further than you did before. As "Jerry III"
has suggested in his post, I think that you now have to go through and check
the permissions on the directories/files in the website to allow for access.

I think that before, when you were connecting to the website yourself, it
was authenticating you "under the covers" (i.e., you were probably logged
onto the network). The reason that people from "outside" were being asked
for their username/password because they weren't logged onto your network.

Now that you've enabled anonymous and disabled the other authentication
methods, anyone who connects will be logged in usually as something like
"IUSR_machinename", so you'll need to configure the directories/files so
that that user (IUSR_machinename) can access them.

It appears that the permissions are set to not allow this right now, and
that's why I think you're getting the ACL error.



"JL" <ljmagzine.RemoveThis@hotmail.com> wrote in message
news:%238fmZ0qlDHA.1764@tk2msftngp13.phx.gbl...
 > Thanks a lot for your help
 >
 > But if do so, I got the following message even when I type in
 > "http://ABC/website":
 > You are not authorized to view this page
 > You do not have permission to view this directory or page due to the
 > access control list (ACL) that is configured for this resource on the Web
 > server.
 > --------------------------------------------------------------------------
 >
 > Please try the following:
 >
 > a.. Contact the Web site administrator if you believe you should
be
 > able to view this directory or page.
 > b.. Click the Refresh button to try again with different
 > credentials.
 > HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set
on
 > the requested resource.
 > Internet Information Services (IIS)
 >
 >
 >
 > "Ohaya" <ohaya.RemoveThis@cox.net> wrote in message news:3F933534.BAF9A732@cox.net...
  > > JL,
  > >
  > > Under the Properties for that website, go to the "Directory Security",
  > > then under "Authentication and Access Control", and check if:
  > >
  > > 1) "Allow anonymous" is checked, and
  > >
  > > 2) All the check boxes under "Authenticated Access" are unchecked.
  > >
  > >
  > >
  > >
  > >
  > > JL wrote:
   > > >
   > > > I have a machine running win2003 server IIS 6.0. It's within a
intranet
   > > > enviroment in the company. I use it to host a web application. The
 > machine's
   > > > name is "ABC", it's full name is: "ABC.company.com"
   > > >
   > > > The problem is when I access the website by type in
 > "http://ABC/website",
   > > > it's working fine without asking any password. But I access it from a
   > > > machine which is not inside the company intranet by this way. But if I
 > type
   > > > in "http://ABC.company.com/website", it always asks you password which
 > is
   > > > very annoyed. Could anybody tell me why and I would be very
appreciate?
 >
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Don't want security 

When you do http://abc IE thinks that you are in the local Intranet security
zone, so it automatically sends the current logged on user's Username and
Password to the server, which allows them to logon.

When you have a site like http://abc.company.com then IE does not autologon,
instead requiring the user to type in their username/password. This is a
security/privacy thing.

http://support.microsoft.com/?id=258063
IE May Prompt You For a Password

So, you have three options:
a) If you want to have the user authenticate using their Windows
username/password, but you don't want the dialogue box to popup, you have to
get the user to add http://abc.company.com to their local intranet zone
(this is in Internet Explorer)

b) You can have the user deal with the situation

c) If you want anyone to be able to view the site (not just authenticated
users), then you can allow "anonymous access" in the IIS MMC Snapin, as has
been pointed out by others already. When this happens, IIS uses the
IUSR_<machinename> account (by default) to read files off the hard disk.
Make sure that this account has NTFS permissions (RX) to the files in your
website

Cheers
Ken


"JL" <ljmagzine RemoveThis @hotmail.com> wrote in message
news:%238fmZ0qlDHA.1764@tk2msftngp13.phx.gbl...
: Thanks a lot for your help
:
: But if do so, I got the following message even when I type in
: "http://ABC/website":
: You are not authorized to view this page
: You do not have permission to view this directory or page due to the
: access control list (ACL) that is configured for this resource on the Web
: server.
: --------------------------------------------------------------------------
:
: Please try the following:
:
: a.. Contact the Web site administrator if you believe you should
be
: able to view this directory or page.
: b.. Click the Refresh button to try again with different
: credentials.
: HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set
on
: the requested resource.
: Internet Information Services (IIS)
:
:
:
: "Ohaya" <ohaya RemoveThis @cox.net> wrote in message news:3F933534.BAF9A732@cox.net...
: > JL,
: >
: > Under the Properties for that website, go to the "Directory Security",
: > then under "Authentication and Access Control", and check if:
: >
: > 1) "Allow anonymous" is checked, and
: >
: > 2) All the check boxes under "Authenticated Access" are unchecked.
: >
: >
: >
: >
: >
: > JL wrote:
: > >
: > > I have a machine running win2003 server IIS 6.0. It's within a
intranet
: > > enviroment in the company. I use it to host a web application. The
: machine's
: > > name is "ABC", it's full name is: "ABC.company.com"
: > >
: > > The problem is when I access the website by type in
: "http://ABC/website",
: > > it's working fine without asking any password. But I access it from a
: > > machine which is not inside the company intranet by this way. But if I
: type
: > > in "http://ABC.company.com/website", it always asks you password which
: is
: > > very annoyed. Could anybody tell me why and I would be very
appreciate?
:
:
 >> Stay informed about: Don't want security 

Thanks for all your help

Let me make it clear where I am now:
1. Directory permission is set to allow everyone Full control, also apply to
any files under that folder
2. Enabled anonymous access "IUSR_ABC"

But if I uncheck the Integreted Windows Authetication, no one can access it
any more. If I check it, the machine inside the intranet can get access by
"http://ABC/websit", but need password if using
"http://ABC.company.com/website", I haven't tried access from outside
machine.

Thanks again for all your help.


"Ohaya" <ohaya.RemoveThis@cox.net> wrote in message
news:unu9AFrlDHA.3316@tk2msftngp13.phx.gbl...
 > JL,
 >
 > I think that you have gotten further than you did before. As "Jerry III"
 > has suggested in his post, I think that you now have to go through and
check
 > the permissions on the directories/files in the website to allow for
access.
 >
 > I think that before, when you were connecting to the website yourself, it
 > was authenticating you "under the covers" (i.e., you were probably logged
 > onto the network). The reason that people from "outside" were being asked
 > for their username/password because they weren't logged onto your network.
 >
 > Now that you've enabled anonymous and disabled the other authentication
 > methods, anyone who connects will be logged in usually as something like
 > "IUSR_machinename", so you'll need to configure the directories/files so
 > that that user (IUSR_machinename) can access them.
 >
 > It appears that the permissions are set to not allow this right now, and
 > that's why I think you're getting the ACL error.
 >
 >
 >
 > "JL" <ljmagzine.RemoveThis@hotmail.com> wrote in message
 > news:%238fmZ0qlDHA.1764@tk2msftngp13.phx.gbl...
  > > Thanks a lot for your help
  > >
  > > But if do so, I got the following message even when I type in
  > > "http://ABC/website":
  > > You are not authorized to view this page
  > > You do not have permission to view this directory or page due to
the
  > > access control list (ACL) that is configured for this resource on the
Web
  > > server.
 >
 > --------------------------------------------------------------------------
  > >
  > > Please try the following:
  > >
  > > a.. Contact the Web site administrator if you believe you should
 > be
  > > able to view this directory or page.
  > > b.. Click the Refresh button to try again with different
  > > credentials.
  > > HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL
set
 > on
  > > the requested resource.
  > > Internet Information Services (IIS)
  > >
  > >
  > >
  > > "Ohaya" <ohaya.RemoveThis@cox.net> wrote in message
news:3F933534.BAF9A732@cox.net...
   > > > JL,
   > > >
   > > > Under the Properties for that website, go to the "Directory Security",
   > > > then under "Authentication and Access Control", and check if:
   > > >
   > > > 1) "Allow anonymous" is checked, and
   > > >
   > > > 2) All the check boxes under "Authenticated Access" are unchecked.
   > > >
   > > >
   > > >
   > > >
   > > >
   > > > JL wrote:
   > > > >
   > > > > I have a machine running win2003 server IIS 6.0. It's within a
 > intranet
   > > > > enviroment in the company. I use it to host a web application. The
  > > machine's
   > > > > name is "ABC", it's full name is: "ABC.company.com"
   > > > >
   > > > > The problem is when I access the website by type in
  > > "http://ABC/website",
   > > > > it's working fine without asking any password. But I access it from
a
   > > > > machine which is not inside the company intranet by this way. But if
I
  > > type
   > > > > in "http://ABC.company.com/website", it always asks you password
which
  > > is
   > > > > very annoyed. Could anybody tell me why and I would be very
 > appreciate?
  > >
  > >
 >
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Don't want security 

JL, that everyone has full control doesn't really mean anything as deny
permissions win over allow - of course if Everyone is the only permission
set this doesn't apply. What exactly does "no one can access it any more"
mean? What error message are you getting?

Jerry

"JL" <ljmagzine.DeleteThis@hotmail.com> wrote in message
news:%239IKn9rlDHA.1244@TK2MSFTNGP11.phx.gbl...
 > Thanks for all your help
 >
 > Let me make it clear where I am now:
 > 1. Directory permission is set to allow everyone Full control, also apply
to
 > any files under that folder
 > 2. Enabled anonymous access "IUSR_ABC"
 >
 > But if I uncheck the Integreted Windows Authetication, no one can access
it
 > any more. If I check it, the machine inside the intranet can get access by
 > "http://ABC/websit", but need password if using
 > "http://ABC.company.com/website", I haven't tried access from outside
 > machine.
 >
 > Thanks again for all your help.
 >
 >
 > "Ohaya" <ohaya.DeleteThis@cox.net> wrote in message
 > news:unu9AFrlDHA.3316@tk2msftngp13.phx.gbl...
  > > JL,
  > >
  > > I think that you have gotten further than you did before. As "Jerry
III"
  > > has suggested in his post, I think that you now have to go through and
 > check
  > > the permissions on the directories/files in the website to allow for
 > access.
  > >
  > > I think that before, when you were connecting to the website yourself,
it
  > > was authenticating you "under the covers" (i.e., you were probably
logged
  > > onto the network). The reason that people from "outside" were being
asked
  > > for their username/password because they weren't logged onto your
network.
  > >
  > > Now that you've enabled anonymous and disabled the other authentication
  > > methods, anyone who connects will be logged in usually as something like
  > > "IUSR_machinename", so you'll need to configure the directories/files so
  > > that that user (IUSR_machinename) can access them.
  > >
  > > It appears that the permissions are set to not allow this right now, and
  > > that's why I think you're getting the ACL error.
  > >
  > >
  > >
  > > "JL" <ljmagzine.DeleteThis@hotmail.com> wrote in message
  > > news:%238fmZ0qlDHA.1764@tk2msftngp13.phx.gbl...
   > > > Thanks a lot for your help
   > > >
   > > > But if do so, I got the following message even when I type in
   > > > "http://ABC/website":
   > > > You are not authorized to view this page
   > > > You do not have permission to view this directory or page due to
 > the
   > > > access control list (ACL) that is configured for this resource on the
 > Web
   > > > server.
  > >
 >
 > --------------------------------------------------------------------------
   > > >
   > > > Please try the following:
   > > >
   > > > a.. Contact the Web site administrator if you believe you
should
  > > be
   > > > able to view this directory or page.
   > > > b.. Click the Refresh button to try again with different
   > > > credentials.
   > > > HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL
 > set
  > > on
   > > > the requested resource.
   > > > Internet Information Services (IIS)
   > > >
   > > >
   > > >
   > > > "Ohaya" <ohaya.DeleteThis@cox.net> wrote in message
 > news:3F933534.BAF9A732@cox.net...
   > > > > JL,
   > > > >
   > > > > Under the Properties for that website, go to the "Directory
Security",
   > > > > then under "Authentication and Access Control", and check if:
   > > > >
   > > > > 1) "Allow anonymous" is checked, and
   > > > >
   > > > > 2) All the check boxes under "Authenticated Access" are unchecked.
   > > > >
   > > > >
   > > > >
   > > > >
   > > > >
   > > > > JL wrote:
   > > > > >
   > > > > > I have a machine running win2003 server IIS 6.0. It's within a
  > > intranet
   > > > > > enviroment in the company. I use it to host a web application. The
   > > > machine's
   > > > > > name is "ABC", it's full name is: "ABC.company.com"
   > > > > >
   > > > > > The problem is when I access the website by type in
   > > > "http://ABC/website",
   > > > > > it's working fine without asking any password. But I access it
from
 > a
   > > > > > machine which is not inside the company intranet by this way. But
if
 > I
   > > > type
   > > > > > in "http://ABC.company.com/website", it always asks you password
 > which
   > > > is
   > > > > > very annoyed. Could anybody tell me why and I would be very
  > > appreciate?
   > > >
   > > >
  > >
  > >
 >
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Don't want security 

Error message is:
You are not authorized to view this page
You do not have permission to view this directory or page due to the
access control list (ACL) that is configured for this resource on the Web
server.
--------------------------------------------------------------------------

Please try the following:

a.. Contact the Web site administrator if you believe you should be
able to view this directory or page.
b.. Click the Refresh button to try again with different
credentials.
HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on
the requested resource.
Internet Information Services (IIS)

--------------------------------------------------------------------------

Technical Information (for support personnel)

a.. Go to Microsoft Product Support Services and perform a title
search for the words HTTP and 401.
b.. Open IIS Help, which is accessible in IIS Manager (inetmgr), and
search for topics titled About Security, Access Control, and About Custom
Error Messages.




"Jerry III" <jerryiii.TakeThisOut@hotmail.com> wrote in message
news:eWzVDCulDHA.3732@tk2msftngp13.phx.gbl...
 > JL, that everyone has full control doesn't really mean anything as deny
 > permissions win over allow - of course if Everyone is the only permission
 > set this doesn't apply. What exactly does "no one can access it any more"
 > mean? What error message are you getting?
 >
 > Jerry
 >
 > "JL" <ljmagzine.TakeThisOut@hotmail.com> wrote in message
 > news:%239IKn9rlDHA.1244@TK2MSFTNGP11.phx.gbl...
  > > Thanks for all your help
  > >
  > > Let me make it clear where I am now:
  > > 1. Directory permission is set to allow everyone Full control, also
apply
 > to
  > > any files under that folder
  > > 2. Enabled anonymous access "IUSR_ABC"
  > >
  > > But if I uncheck the Integreted Windows Authetication, no one can access
 > it
  > > any more. If I check it, the machine inside the intranet can get access
by
  > > "http://ABC/websit", but need password if using
  > > "http://ABC.company.com/website", I haven't tried access from outside
  > > machine.
  > >
  > > Thanks again for all your help.
  > >
  > >
  > > "Ohaya" <ohaya.TakeThisOut@cox.net> wrote in message
  > > news:unu9AFrlDHA.3316@tk2msftngp13.phx.gbl...
   > > > JL,
   > > >
   > > > I think that you have gotten further than you did before. As "Jerry
 > III"
   > > > has suggested in his post, I think that you now have to go through and
  > > check
   > > > the permissions on the directories/files in the website to allow for
  > > access.
   > > >
   > > > I think that before, when you were connecting to the website yourself,
 > it
   > > > was authenticating you "under the covers" (i.e., you were probably
 > logged
   > > > onto the network). The reason that people from "outside" were being
 > asked
   > > > for their username/password because they weren't logged onto your
 > network.
   > > >
   > > > Now that you've enabled anonymous and disabled the other
authentication
   > > > methods, anyone who connects will be logged in usually as something
like
   > > > "IUSR_machinename", so you'll need to configure the directories/files
so
   > > > that that user (IUSR_machinename) can access them.
   > > >
   > > > It appears that the permissions are set to not allow this right now,
and
   > > > that's why I think you're getting the ACL error.
   > > >
   > > >
   > > >
   > > > "JL" <ljmagzine.TakeThisOut@hotmail.com> wrote in message
   > > > news:%238fmZ0qlDHA.1764@tk2msftngp13.phx.gbl...
   > > > > Thanks a lot for your help
   > > > >
   > > > > But if do so, I got the following message even when I type in
   > > > > "http://ABC/website":
   > > > > You are not authorized to view this page
   > > > > You do not have permission to view this directory or page due
to
  > > the
   > > > > access control list (ACL) that is configured for this resource on
the
  > > Web
   > > > > server.
   > > >
  > >
 >
 > --------------------------------------------------------------------------
   > > > >
   > > > > Please try the following:
   > > > >
   > > > > a.. Contact the Web site administrator if you believe you
 > should
   > > > be
   > > > > able to view this directory or page.
   > > > > b.. Click the Refresh button to try again with different
   > > > > credentials.
   > > > > HTTP Error 401.3 - Unauthorized: Access is denied due to an
ACL
  > > set
   > > > on
   > > > > the requested resource.
   > > > > Internet Information Services (IIS)
   > > > >
   > > > >
   > > > >
   > > > > "Ohaya" <ohaya.TakeThisOut@cox.net> wrote in message
  > > news:3F933534.BAF9A732@cox.net...
   > > > > > JL,
   > > > > >
   > > > > > Under the Properties for that website, go to the "Directory
 > Security",
   > > > > > then under "Authentication and Access Control", and check if:
   > > > > >
   > > > > > 1) "Allow anonymous" is checked, and
   > > > > >
   > > > > > 2) All the check boxes under "Authenticated Access" are unchecked.
   > > > > >
   > > > > >
   > > > > >
   > > > > >
   > > > > >
   > > > > > JL wrote:
   > > > > > >
   > > > > > > I have a machine running win2003 server IIS 6.0. It's within a
   > > > intranet
   > > > > > > enviroment in the company. I use it to host a web application.
The
   > > > > machine's
   > > > > > > name is "ABC", it's full name is: "ABC.company.com"
   > > > > > >
   > > > > > > The problem is when I access the website by type in
   > > > > "http://ABC/website",
   > > > > > > it's working fine without asking any password. But I access it
 > from
  > > a
   > > > > > > machine which is not inside the company intranet by this way.
But
 > if
  > > I
   > > > > type
   > > > > > > in "http://ABC.company.com/website", it always asks you password
  > > which
   > > > > is
   > > > > > > very annoyed. Could anybody tell me why and I would be very
   > > > appreciate?
   > > > >
   > > > >
   > > >
   > > >
  > >
  > >
 >
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Don't want security