[Zope] - IIS Authentication!

Wolf Logan wolf@searchbutton.com
Thu, 21 Jan 1999 10:34:30 -0800


here's some info about how IIS handles authentication:

* if "anonymous" is the only method selected, authentication information is
passed directly to the web application -- which is how zope wants it.

* if "basic" or "challenge/response" is selected, IIS uses the
authentication information itself, to verify access to the *requested files*
in the NT filesystem. the web application doesn't get the information, since
it's expected that the access control lists on the files are being used to
restrict access.

* the only difference between "basic" and "c/r" is the protocol used to
retrieve the authentication from the client. as far as i know, only internet
explorer can handle c/r, but i could be wrong about that.

* if more than one method of authentication is selected, IIS starts with the
most restrictive and works backwards. in other words, if "c/r" is selected,
it will be used first, then "basic" (if it's selected).

what all this means is that if zope expects to get any authentication info
from IIS, the only option you can specify is "anonymous". than means,
however, that the *files* in your filesystem that represent zope have to be
accessable by the "anonymous" user (the user account specified as such in
the service manager). i have a sneaking suspicion that this is one of the
things that's stopping you.

> -----Original Message-----
> From:	Phil Harris [SMTP:pharris@forfree.at]
> Sent:	Thursday, January 21, 1999 7:59 AM
> 
> I have already tried that, but I get the error message as shown in the
> original post 8^(
> 
> I'm now trying to get this thing to work on Linux with Apache and am
> having
> similar problems, oh god I wish I knew what I was doing 8^).
> 
> Thanks anyway.
> 
> Phil
> wmlph@d032.ml.uwcm.ac.uk
> 
> ----- Original Message -----
> From: Brian Lloyd <Brian@digicool.com>
> To: 'Phil Harris' <wmlph@d032.ml.uwcm.ac.uk>; Jim Fulton
> <jim.fulton@digicool.com>
> 
> >> I checked the user info and even created a new user,
> >> everything looks OK to
> >> me.
> >>
> >> The user's created are in the top level userfolder and have a role of
> >> 'manager'.
> >>
> >> As I said in my original post, I couldn't get anyone to log
> >> in with the
> >> instructions in the docs.  So I have activated
> >> basic-authentication, would
> >> this have anything to do with it?
> >
> >Phil,
> >
> >Under IIS, you need to _both_ Basic and NT authentication
> >turned *off*. If either is turned on, IIS will attempt to
> >handle the authentication itself - it will never even consult
> >Zope :(
> >
> >
> >Brian Lloyd        brian@digicool.com
> >Software Engineer  540.371.6909
> >Digital Creations  http://www.digicool.com
> >
> >
> 
>