How to pass thru Windows domain authentication?

leo1631 · Post by **leo1631** » Mon Feb 05, 2007 2:39 am

Hi, I have a problem. I need to monitor some web application which use windows domain authentication, just like some sharepoint web applications, can HostMonitor's test pass thru that? and how?

Thanks.

KS-Soft Europe · Post by **KS-Soft Europe** » Mon Feb 05, 2007 3:26 am

HostMonitor may perform such test under some conditions...
1) enable "Ignore unknown certificate authority problems" option in "URL test properties" dialog
2) specify user name and password (just like you do that for basic authentication)
3) Mark "Enable Integrated Windows authentication" option in "Advanced" tab of "Internet Options" dialog of Internet Explorer on the machine, where HostMonitor is running.

Please note: to enable "Ignore unknown certificate authority problems" option for http requests, you should select "HTTPS" from "Service" combobox, enable "Ignore unknown certificate authority problems" option, and select "HTTP" back in "Service" combobox.

Regards,
Max

leo1631 · Post by **leo1631** » Tue Feb 06, 2007 1:39 am

Thank Max for the instant reply.
But Unfortunately it does not work, the url test still can not access the web page because of privilege.

BTW, does a url test of HM process with the Internet Explorer? Why modify the Options of Internet Explorer, I've always thinked that HM is not concerned with IE at all.

Regards,
Leo

leo1631 · Post by **leo1631** » Tue Feb 06, 2007 1:40 am

And also, is there any other method worthy to try?

KS-Soft Europe · Post by **KS-Soft Europe** » Tue Feb 06, 2007 2:39 am

leo1631 wrote:But Unfortunately it does not work, the url test still can not access the web page because of privilege.

So, it does not work for you. It's a pity. Have you enabled "Ignore unknown certificate authority problems" option in "URL test properties" dialog? Have you access to the web server configuration? Could you tell me what options is enabled in "Authentication Methods" applet on "Directory Security" tab in "Web site properties" window of this certain site in "IIS Manager"? Could you send a screen-shot to support@ks-soft.net? Could you also take a look at web server log files? What error do you see in records that are concerned to HostMonitor's requests?

leo1631 wrote:BTW, does a url test of HM process with the Internet Explorer? Why modify the Options of Internet Explorer, I've always thinked that HM is not concerned with IE at all.

Actually, HostMonitor does not use IE directly. However, URL test method uses wininet.dll (part of Internet Explorer), that uses some IE registry settings.

Regards,
Max

leo1631 · Post by **leo1631** » Tue Feb 13, 2007 12:42 am

Sorry for delayed answer.

KS-Soft Europe wrote: Have you enabled "Ignore unknown certificate authority problems" option in "URL test properties" dialog?

Absolutely yes. The URL looks like "http://domain\user:password@10.177.4.2 80/jsc/jsc.htm", is that correct?

KS-Soft Europe wrote: Could you tell me what options is enabled in "Authentication Methods" applet on "Directory Security" tab in "Web site properties" window of this certain site in "IIS Manager"?

Only "Integrated Windows authentication" is enabled.

KS-Soft Europe wrote: Could you also take a look at web server log files? What error do you see in records that are concerned to HostMonitor's requests?

The records in web log shows that HM still uses the guest account to access page.
-------------------------------------------------------
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2007-02-13 03:42:09
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
2007-02-13 03:42:09 10.177.8.25 - 10.177.4.2 80 GET /jsc/jsc.htm - 401 5 4625 272 0 HTTP/1.0 10.177.4.2 Mozilla/4.0+(compatible;+MSIE+6.0) - -
2007-02-13 03:42:09 10.177.8.25 QDKILL2\Guest 10.177.4.2 80 GET /jsc/jsc.htm - 401 5 4240 399 16 HTTP/1.0 10.177.4.2 Mozilla/4.0+(compatible;+MSIE+6.0) - -
2007-02-13 03:42:10 10.177.8.25 QDKILL2\Guest 10.177.4.2 80 GET /jsc/jsc.htm - 401 5 4240 399 16 HTTP/1.0 10.177.4.2 Mozilla/4.0+(compatible;+MSIE+6.0) - -

-------------------------------------------------------

KS-Soft Europe · Post by **KS-Soft Europe** » Tue Feb 13, 2007 4:02 am

leo1631 wrote:The URL looks like "http://domain\user:password@10.177.4.2 80/jsc/jsc.htm", is that correct?

Correct.
Is the machine, where HostMonitor is running, a member of the domain? Could you try to specify username without domain name? Your URL shoud be like this: "http://user:password@10.177.4.2 80/jsc/jsc.htm"
Does it work?

Regards,
Max

leo1631 · Post by **leo1631** » Tue Feb 13, 2007 4:32 pm

Yes, it's a member of the domain.
URL like"http://user:password@10.177.4.2 80/jsc/jsc.htm", I've tried, but it does not work cause the web server think the account is a local user.

KS-Soft Europe · Post by **KS-Soft Europe** » Wed Feb 14, 2007 2:46 pm

leo1631 wrote:Yes, it's a member of the domain.

Ok. What account do you use to start HostMonitor? If HostMonitor is started as service and you have specified domain admin account (Options > Service tab), than URL test should work without specifying username/password into "Password protected page" area of "URL test properties window". Could you try such workaround?

Regards,
Max

leo1631 · Post by **leo1631** » Wed Feb 14, 2007 7:49 pm

HostMonitor is started as service with a user of domain( not domain administrator), I can access the page if using IE and the user, but HM can not.
I checked the web log, HM still uses guest user "QDKILL2\Guest" try to access the page even if a URL test is specified username/password. When URL test work without specifying username/password, web log shows HM using "10.177.4.2", nothing else.

KS-Soft Europe · Post by **KS-Soft Europe** » Tue Feb 20, 2007 4:48 am

Sorry, it seems HostMonitor does not support "Integrated Windows authentication" in some cases. We have added this task in our "to do" list. Low priority.

Regards,
Max

leo1631 · Post by **leo1631** » Tue Feb 20, 2007 10:19 am

Anyway, thanks.

CapQwerty · Post by **CapQwerty** » Sun Jun 24, 2007 6:48 pm

We have had an interesting scenario
Last week we moved our system from a windows 2000 server to a Windows 2003 server
On the 2000 machine we had the username and password setup in the service section of Hostmon and also set up in the windows service section.

Untill the move there had been no issues with intergrated authentication.

But with the move we are no longer able to get this to work.
Reading above we had it working against what this thread says But now we are down around 30 http style tests because of this.

Any chance you can bump this up the priority list or explain why Win2k we got away with this work around and not 2003.

Regards
Jason

KS-Soft Europe · Post by **KS-Soft Europe** » Mon Jun 25, 2007 2:46 am

CapQwerty wrote:Reading above we had it working against what this thread says But now we are down around 30 http style tests because of this.

What exact tests are down? URL? HTTP? URL test method uses wininet.dll, that is used by Internet Explorer, so you may try to enable "Automatic logon with current username and password" option in "User Authentication" -> "Logon" section of "Security settings" windows of "Internet Explorer" (IE menu "Tools" -> "Internet Options" tab -> "Security" tab -> "Custom Level" button). This option shoul help.

Regards,
Max

mpilz · Post by **mpilz** » Thu Aug 09, 2007 12:35 am

Hello.

We need also the Http test for windows integrated authentication. I think every iis config for intern webservers have integated authentications for security reasons.
Ok we will waiting for a new versions......

Regards
Marko