[Zope] zope under nt w/ ie5 as client - Definite solution.

Martijn Pieters mj@antraciet.nl
Tue, 13 Apr 1999 15:02:46 +0200


At 13:21 13/04/99 , Karl & Mel wrote:
>
>From: Martijn Pieters <mj@antraciet.nl>
>Not sure what the problem really was. :-( but it started working after I
>mucked with the security settings in IIS and ie5.  So am happy now.  I was
>able to finish work on the Copy/Move functionality for Confera :-)  Still
>got some work to do on it but IT WORKS!  enough... thats for the other list.
>As near as I can figure I think it is the ie5 "nice" error pages or the
>intranet secuity settings that prevented the authentication.  Maybe its time
>to give up ie for NS or Grail ;-)
>

Hmm.. I got it working for a moment as well, by switching off anonymous
access, and switching on Basic Authentication (therefore always getting
access denied). The browser now allowed me to type in my Zope username and
password. IIS now denies me access (because the username and password are
not know to it). Then switching Anonymous access back on, and Basic
Authentication back off, I log into the Zope management screens. 

However, shutting down your browser undoes all your work. Back to the old
conclusion that IE5.0 'forgets' to ask for your username and password,
because the HTTP status code is 401.5, which it doesn't recognize. 

I have now found a permanent solution though:

Further playing showed that the message in your browser is a file returned
by IIS. With IIS you can specify custom error HTML files. Out of the box,
401.5 is set up to return %SystemRoot%/help/common/401-5.htm. When you set
IIS up to serve it's 'default' (i.e. no file), everything suddenly works!

I have managed to trace the exact reason to this fundamental difference.
When IIS encounters the 401 return from Zope, it will return the file
specified by it's custom error tab instead. When returning this file, IIS
doesn't specify a Www-Authenticate header anymore. IE5.0 *correctly*
doesn't ask for a username and password. I can only conclude that it is a
IIS 4.0 bug. It should just return all the headers Zope generated, with the
body replaced by the contents of the file. When you set the custom error
handling to 'default', IIS doesn't interfere with the headers returned by
Zope, and the Www-Authenticate header isn't killed.

To switch off the custom error handler, go to the properties dialog box of
your IIS web. Choose the 'Custom Errors' tab. Select '401;5' in the HTTP
Error column, and click on 'Edit Properties...'. Set the Message-Type to
'Default', and click OK twice. Now everything should work.

This imformation should probably be in doc/WEBSERVER.txt. I'll submit this
to the collector.

--
Martijn Pieters, Web Developer
| Antraciet http://www.antraciet.nl
| Tel: +31-35-6254545 Fax: +31-35-6254555
| mailto:mj@antraciet.nl http://www.antraciet.nl/~mj
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
------------------------------------------