IE6SP1 on Windows2000, SSL, client authentication, 403.7 and so on and so on.

  • Thread starter Nickolay Bolshackov
  • Start date
N

Nickolay Bolshackov

Hi!

I've some sort of troubles trying to build an Single Sign-On server.
My web application redirects (by sending 302 moved) user to custom SSO
built on ASP.NET (IIS5.0, Windows 2000) using secure protocol (HTTPS).

SSO requires client to authenticate with client certificate. So, the problem
occurs on client machines running Windows 2000 with IE 6SP1 (2800.1106),
when user reaches the SSO page, server responds with 403.7 (certificate
required). Of course, client certificate for this user is present and valid.

On XP client machines with IE6SP2(2900.xxxx) it does not happened. It also
worked fine with Firefox on any platform.

Does anybody have any idea on what's this about? Any help would be
appreciated.

\\NB
 
J

Jan Il

Hi Nickolay :)

Try the following and see if it helps:

How can I turn off the "security alert" dialog boxes that appears when I
open a webpage
http://itinfo.mit.edu/answer?id=5228

also…..

Make sure your machine clock and date are set correctly.

Every certificate has an expiration and start date. When your clock or date
is off, a ways, it may think the certificates are not valid, so it pops up
this alert telling you that its either not valid yet or expired for your own
protection. So, be sure your date and time are correct and see if the
alerts stop.

and....

Go to Tools>Internet Options>Advanced tab>scroll down to 'Warn about invalid
site
certificates" and make sure it is UNchecked.

If that does not work, you might also try:

Go to Tools>Internet Options>Security tab>highlight Internet>click Custom
level tab>scroll down and UNcheck the button next to "Don't prompt for
client certificate selection when no certificates or only one certificate
exists."

You might also try adding the site to the Trusted Sites in the
Tools>Internet Options>Security tab and see if that helps as well.

Hope this helps.

Jan :)
MS MVP - Windows IE/OE [DTS/AumHa]
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
 
N

Nickolay Bolshackov

Hi Jan,
How can I turn off the "security alert" dialog boxes that appears when I
open a webpage
http://itinfo.mit.edu/answer?id=5228
Click to expand...

Had tried it in all possible combinations :)
Make sure your machine clock and date are set correctly.
Click to expand...

They are.

So, be sure your date and time are correct and see if the
alerts stop.
Click to expand...

There is no alerts, if you mean "gray rectangles with red icon and pair of
OK/Cancel buttons" :) I just see that server returns HTTP/1.1 403.7 instead
of expected HTTP/1.1 200.
Again, as far as I can see there are some differences between IE6SP1 on W2K
and IE6SP2 on XP which made this possible. But MSDN gave me no answer :)
Go to Tools>Internet Options>Advanced tab>scroll down to 'Warn about
invalid site
certificates" and make sure it is UNchecked.

If that does not work, you might also try:

Go to Tools>Internet Options>Security tab>highlight Internet>click Custom
level tab>scroll down and UNcheck the button next to "Don't prompt for
client certificate selection when no certificates or only one certificate
exists."

You might also try adding the site to the Trusted Sites in the
Tools>Internet Options>Security tab and see if that helps as well.

Hope this helps.
Click to expand...

It doesn't :(


\\NB


Jan :)
MS MVP - Windows IE/OE [DTS/AumHa]
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

Hi!

I've some sort of troubles trying to build an Single Sign-On server.
My web application redirects (by sending 302 moved) user to custom SSO
built on ASP.NET (IIS5.0, Windows 2000) using secure protocol (HTTPS).

SSO requires client to authenticate with client certificate. So, the
problem occurs on client machines running Windows 2000 with IE 6SP1
(2800.1106), when user reaches the SSO page, server responds with 403.7
(certificate required). Of course, client certificate for this user is
present and valid.

On XP client machines with IE6SP2(2900.xxxx) it does not happened. It
also worked fine with Firefox on any platform.

Does anybody have any idea on what's this about? Any help would be
appreciated.

\\NB
Click to expand...
Click to expand...
 
J

Jan Il

Hi Nickolay :)

Sorry that I can't be of help, but, perhaps someone else here has more
experience in this area and can provide you with more information on your
problem.

Good Luck :)

Hope this helps.

Jan :)
MS MVP - Windows IE/OE [DTS/AumHa]
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm


Hi Jan,
How can I turn off the "security alert" dialog boxes that appears when I
open a webpage
http://itinfo.mit.edu/answer?id=5228
Click to expand...

Had tried it in all possible combinations :)
Make sure your machine clock and date are set correctly.
Click to expand...

They are.

So, be sure your date and time are correct and see if the
alerts stop.
Click to expand...

There is no alerts, if you mean "gray rectangles with red icon and pair of
OK/Cancel buttons" :) I just see that server returns HTTP/1.1 403.7
instead of expected HTTP/1.1 200.
Again, as far as I can see there are some differences between IE6SP1 on
W2K and IE6SP2 on XP which made this possible. But MSDN gave me no answer
:)
Go to Tools>Internet Options>Advanced tab>scroll down to 'Warn about
invalid site
certificates" and make sure it is UNchecked.

If that does not work, you might also try:

Go to Tools>Internet Options>Security tab>highlight Internet>click Custom
level tab>scroll down and UNcheck the button next to "Don't prompt for
client certificate selection when no certificates or only one certificate
exists."

You might also try adding the site to the Trusted Sites in the
Tools>Internet Options>Security tab and see if that helps as well.

Hope this helps.
Click to expand...

It doesn't :(


\\NB


Jan :)
MS MVP - Windows IE/OE [DTS/AumHa]
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other
readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

Hi!

I've some sort of troubles trying to build an Single Sign-On server.
My web application redirects (by sending 302 moved) user to custom SSO
built on ASP.NET (IIS5.0, Windows 2000) using secure protocol (HTTPS).

SSO requires client to authenticate with client certificate. So, the
problem occurs on client machines running Windows 2000 with IE 6SP1
(2800.1106), when user reaches the SSO page, server responds with 403.7
(certificate required). Of course, client certificate for this user is
present and valid.

On XP client machines with IE6SP2(2900.xxxx) it does not happened. It
also worked fine with Firefox on any platform.

Does anybody have any idea on what's this about? Any help would be
appreciated.

\\NB
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Can someone explain this difference in IE behavior? 4
IEclient/Tomcat server using SSL for client authentication. 0
SSL Client Authentication 5
Vista clients and EAP-TLS authentication - problem with certificates 5
Windows authentication - 2000 Server and XP client 1
When a HD on a general client under AD breaks down, and you want itup real fast. 2
ASP.NET Redirect behind proxy fails, ASP 3 works. 1
Outlook 2003 over VPN on XP client delay 26

Top