Friday, August 26, 2011

401 - Unhautorized (Invalid Credentials in IE)

We started having problems with Integrated Authentication in our Outsystems solution. We made tests for two months with a dozen of different users and all main browsers (IE8 and 9, Firefox 5 and 6, Chrome 13) with absolutelly no problems of that type.

This is a technology I strongly recommend for it's speed, potential and ease of use, so such a basic problem days before going to the production environment was totally unexpected.


The Integrated Authentication with Active Directory wasn't working. It usually enters automatically in IE and requests for AD login in other browsers. This time Mozilla and Chrome were working as usual, but IE was requesting credentials and giving error 401 - Unhautorized validating them.


We debugged the application from start to finish not finding a reason for it. The solution was found in a forum, not about Outsystems, but about IIS7 (LINK).

The answer given by jay-dubb was:
To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

To us it worked like a charm, proving once again that the problem is never in Outsystems.

1 comment:

Rich said...

This helped me get close to my issue. Except I didn't have Windows Authentication. The only option enabled was "Anonymous Authentication". So, I Edited that and saw there were 2 radio buttons: "Specific User" and "App Pool Identity" When I selected the "App Pool Identity" Everything worked well. Thanks for the hint at my real fix. It did save me time.