View previous topic :: View next topic |
Author |
Message |
leo1631
Joined: 27 Apr 2006 Posts: 55
|
Posted: Mon Feb 05, 2007 2:39 am Post subject: How to pass thru Windows domain authentication? |
|
|
Hi, I have a problem. I need to monitor some web application which use windows domain authentication, just like some sharepoint web applications, can HostMonitor's test pass thru that? and how?
Thanks. |
|
Back to top |
|
|
KS-Soft Europe
Joined: 16 May 2006 Posts: 2832
|
Posted: Mon Feb 05, 2007 3:26 am Post subject: |
|
|
HostMonitor may perform such test under some conditions...
1) enable "Ignore unknown certificate authority problems" option in "URL test properties" dialog
2) specify user name and password (just like you do that for basic authentication)
3) Mark "Enable Integrated Windows authentication" option in "Advanced" tab of "Internet Options" dialog of Internet Explorer on the machine, where HostMonitor is running.
Please note: to enable "Ignore unknown certificate authority problems" option for http requests, you should select "HTTPS" from "Service" combobox, enable "Ignore unknown certificate authority problems" option, and select "HTTP" back in "Service" combobox.
Regards,
Max |
|
Back to top |
|
|
leo1631
Joined: 27 Apr 2006 Posts: 55
|
Posted: Tue Feb 06, 2007 1:39 am Post subject: |
|
|
Thank Max for the instant reply.
But Unfortunately it does not work, the url test still can not access the web page because of privilege.
BTW, does a url test of HM process with the Internet Explorer? Why modify the Options of Internet Explorer, I've always thinked that HM is not concerned with IE at all.
Regards,
Leo |
|
Back to top |
|
|
leo1631
Joined: 27 Apr 2006 Posts: 55
|
Posted: Tue Feb 06, 2007 1:40 am Post subject: |
|
|
And also, is there any other method worthy to try? |
|
Back to top |
|
|
KS-Soft Europe
Joined: 16 May 2006 Posts: 2832
|
Posted: Tue Feb 06, 2007 2:39 am Post subject: |
|
|
leo1631 wrote: | But Unfortunately it does not work, the url test still can not access the web page because of privilege. | So, it does not work for you. It's a pity. Have you enabled "Ignore unknown certificate authority problems" option in "URL test properties" dialog? Have you access to the web server configuration? Could you tell me what options is enabled in "Authentication Methods" applet on "Directory Security" tab in "Web site properties" window of this certain site in "IIS Manager"? Could you send a screen-shot to support@ks-soft.net? Could you also take a look at web server log files? What error do you see in records that are concerned to HostMonitor's requests?
leo1631 wrote: | BTW, does a url test of HM process with the Internet Explorer? Why modify the Options of Internet Explorer, I've always thinked that HM is not concerned with IE at all. |
Actually, HostMonitor does not use IE directly. However, URL test method uses wininet.dll (part of Internet Explorer), that uses some IE registry settings.
Regards,
Max |
|
Back to top |
|
|
leo1631
Joined: 27 Apr 2006 Posts: 55
|
Posted: Tue Feb 13, 2007 12:42 am Post subject: |
|
|
Sorry for delayed answer.
KS-Soft Europe wrote: | Have you enabled "Ignore unknown certificate authority problems" option in "URL test properties" dialog? | Absolutely yes. The URL looks like "http://domain\user:password@10.177.4.2 80/jsc/jsc.htm", is that correct?
KS-Soft Europe wrote: | Could you tell me what options is enabled in "Authentication Methods" applet on "Directory Security" tab in "Web site properties" window of this certain site in "IIS Manager"? | Only "Integrated Windows authentication" is enabled.
KS-Soft Europe wrote: | Could you also take a look at web server log files? What error do you see in records that are concerned to HostMonitor's requests?
|
The records in web log shows that HM still uses the guest account to access page.
-------------------------------------------------------
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2007-02-13 03:42:09
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
2007-02-13 03:42:09 10.177.8.25 - 10.177.4.2 80 GET /jsc/jsc.htm - 401 5 4625 272 0 HTTP/1.0 10.177.4.2 Mozilla/4.0+(compatible;+MSIE+6.0) - -
2007-02-13 03:42:09 10.177.8.25 QDKILL2\Guest 10.177.4.2 80 GET /jsc/jsc.htm - 401 5 4240 399 16 HTTP/1.0 10.177.4.2 Mozilla/4.0+(compatible;+MSIE+6.0) - -
2007-02-13 03:42:10 10.177.8.25 QDKILL2\Guest 10.177.4.2 80 GET /jsc/jsc.htm - 401 5 4240 399 16 HTTP/1.0 10.177.4.2 Mozilla/4.0+(compatible;+MSIE+6.0) - -
------------------------------------------------------- |
|
Back to top |
|
|
KS-Soft Europe
Joined: 16 May 2006 Posts: 2832
|
Posted: Tue Feb 13, 2007 4:02 am Post subject: |
|
|
leo1631 wrote: | The URL looks like "http://domain\user:password@10.177.4.2 80/jsc/jsc.htm", is that correct? | Correct.
Is the machine, where HostMonitor is running, a member of the domain? Could you try to specify username without domain name? Your URL shoud be like this: "http://user:password@10.177.4.2 80/jsc/jsc.htm"
Does it work?
Regards,
Max |
|
Back to top |
|
|
leo1631
Joined: 27 Apr 2006 Posts: 55
|
Posted: Tue Feb 13, 2007 4:32 pm Post subject: |
|
|
Yes, it's a member of the domain.
URL like"http://user:password@10.177.4.2 80/jsc/jsc.htm", I've tried, but it does not work cause the web server think the account is a local user. |
|
Back to top |
|
|
KS-Soft Europe
Joined: 16 May 2006 Posts: 2832
|
Posted: Wed Feb 14, 2007 2:46 pm Post subject: |
|
|
leo1631 wrote: | Yes, it's a member of the domain. | Ok. What account do you use to start HostMonitor? If HostMonitor is started as service and you have specified domain admin account (Options > Service tab), than URL test should work without specifying username/password into "Password protected page" area of "URL test properties window". Could you try such workaround?
Regards,
Max |
|
Back to top |
|
|
leo1631
Joined: 27 Apr 2006 Posts: 55
|
Posted: Wed Feb 14, 2007 7:49 pm Post subject: |
|
|
HostMonitor is started as service with a user of domain( not domain administrator), I can access the page if using IE and the user, but HM can not.
I checked the web log, HM still uses guest user "QDKILL2\Guest" try to access the page even if a URL test is specified username/password. When URL test work without specifying username/password, web log shows HM using "10.177.4.2", nothing else. |
|
Back to top |
|
|
KS-Soft Europe
Joined: 16 May 2006 Posts: 2832
|
Posted: Tue Feb 20, 2007 4:48 am Post subject: |
|
|
Sorry, it seems HostMonitor does not support "Integrated Windows authentication" in some cases. We have added this task in our "to do" list. Low priority.
Regards,
Max |
|
Back to top |
|
|
leo1631
Joined: 27 Apr 2006 Posts: 55
|
Posted: Tue Feb 20, 2007 10:19 am Post subject: |
|
|
Anyway, thanks. |
|
Back to top |
|
|
CapQwerty
Joined: 14 Dec 2005 Posts: 36
|
Posted: Sun Jun 24, 2007 6:48 pm Post subject: |
|
|
We have had an interesting scenario
Last week we moved our system from a windows 2000 server to a Windows 2003 server
On the 2000 machine we had the username and password setup in the service section of Hostmon and also set up in the windows service section.
Untill the move there had been no issues with intergrated authentication.
But with the move we are no longer able to get this to work.
Reading above we had it working against what this thread says But now we are down around 30 http style tests because of this.
Any chance you can bump this up the priority list or explain why Win2k we got away with this work around and not 2003.
Regards
Jason |
|
Back to top |
|
|
KS-Soft Europe
Joined: 16 May 2006 Posts: 2832
|
Posted: Mon Jun 25, 2007 2:46 am Post subject: |
|
|
CapQwerty wrote: | Reading above we had it working against what this thread says But now we are down around 30 http style tests because of this. | What exact tests are down? URL? HTTP? URL test method uses wininet.dll, that is used by Internet Explorer, so you may try to enable "Automatic logon with current username and password" option in "User Authentication" -> "Logon" section of "Security settings" windows of "Internet Explorer" (IE menu "Tools" -> "Internet Options" tab -> "Security" tab -> "Custom Level" button). This option shoul help.
Regards,
Max |
|
Back to top |
|
|
mpilz
Joined: 05 Sep 2003 Posts: 6
|
Posted: Thu Aug 09, 2007 12:35 am Post subject: |
|
|
Hello.
We need also the Http test for windows integrated authentication. I think every iis config for intern webservers have integated authentications for security reasons.
Ok we will waiting for a new versions......
Regards
Marko |
|
Back to top |
|
|
|