Download & Extend
Secure Site » Issues

Cannot log-in under IIS

Posted by clivesj on August 16, 2007 at 2:22pm
Project:Secure Site
Version:5.x-1.x-dev
Component:Code
Category:support request
Priority:normal
Assigned:Unassigned
Status:closed (fixed)

Issue Summary

After enabling the module, the behaviour is as follows:
After enabling the module, I log-out to test the log-in proces.
The browser log-in form is presented as soon as I logout, but the user is not logged-in.

My settings:
Drupal 5.2
IIS 6.0
PHP 4.4.7 as ISAPI

Module settings:
HTTP with workaround
guest/guest loginname/password
Login: www.mysite.com/?q=user
All users have rights to access the site

Bypass filter is set to bybass node:front

User no 1 (admin) cannot access the site, so I have to delete the module on the server to be able to login/troubleshoot.

Anyone can help?
Thanx

Login or register to post comments

Comments

#1

Posted by NaX on August 16, 2007 at 2:57pm

I think your Bypass filter is incorrect, setting it to node:front should do nothing. You need to put one drupal path per a line, and for your front page use <front>.

But your say you are using IIS 6.0, I have never been able to test HTTP-AUTH with IIS. Try using the HTML login form. If the html login form works then you know securesites HTTP-AUTH does not work on IIS.

Also what browser are you using?

#2

Posted by clivesj on August 16, 2007 at 3:38pm

Thank you, Nax,
Indeed, The setting i used for the frontpage is .

Im using IE7 and FF2. The module fails on both. Teh HTML module is presented, but tells me that the user is unknown, so apperently it is not reaching the drupals-user database.

A pitty is the module is not working with IIS. I defenitly would appriciate the use of the module.

Regards,

#3

Posted by clivesj on August 16, 2007 at 3:49pm

ah, preview before submit.....
Indeed, The setting i used for the frontpage is <front>

The HTML form is presented, but

#4

Posted by NaX on August 16, 2007 at 4:23pm

To my knowledge securesite should work on IIS, I don’t see any reason it should not.
I can’t really help you when it comes to IE7 and IIS, because I don’t have access to them for testing.
But the HTML login form should work in FF2.

What can you do to change your server environment?
- Is their no way you can run the site on an Apache setup. Apache can be installed and run on Linux, Mac and Windows.
- Could you upgrade your PHP version? The lowest PHP version I have been able to test securesite on is 4.3.7, but that was with Apache on Linux.

I see you using the dev version; maybe try the stable version 5.x-1.0. If the stable version works then the dev version is broken and would need to be fixed.

Sorry I can’t be any more helpful.

#5

Posted by clivesj on August 17, 2007 at 4:33pm

I also tried the stable version.
I checked my php.ini files, and it seems that the values for Server"aut_passw", "aut_type", "aut_user" are not set. Is this something I have to look into??
Regards,
Clivesj

btw while reading securesite.module i saw that in line 413 the database tables are not enclosed in parantisys {}.

#6

Posted by NaX on August 20, 2007 at 6:57am
Title:Can not log-in» Can not log-in under IIS
Component:User interface» Code

Yes this may be something to look into. The only thing to be aware of is that securesite is expecting “PHP_AUTH_USER” and “PHP_AUTH_PW”

But that does not account for the HTML login form not working.

#7

Posted by Junyor on January 8, 2008 at 2:13pm

http://www.php.net/manual/en/features.http-auth.php#40445 talks about some settings necessary to get HTTP Auth working with IIS.

#8

Posted by NaX on January 9, 2008 at 10:55am

This is what I found on that page.

Also note that until PHP 4.3.3, HTTP Authentication did not work using Microsoft's IIS server with the CGI version of PHP due to a limitation of IIS. In order to get it to work in PHP 4.3.3+, you must edit your IIS configuration "Directory Security". Click on "Edit" and only check "Anonymous Access", all other fields should be left unchecked.

Another limitation is if you're using the IIS module (ISAPI) and PHP 4, you may not use the PHP_AUTH_* variables but instead, the variable HTTP_AUTHORIZATION is available. For example, consider the following code: list($user, $pw) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));

Note: IIS Note: For HTTP Authentication to work with IIS, the PHP directive cgi.rfc2616_headers must be set to 0 (the default value).

+ Comments:
http://www.php.net/manual/en/features.http-auth.php#42372
http://www.php.net/manual/en/features.http-auth.php#40445
http://www.php.net/manual/en/features.http-auth.php#18618

#9

Posted by Junyor on January 9, 2008 at 1:49pm

I was referring to the comment from rob at theblip dot com on 03-Mar-2004 08:47:

Regarding HTTP authentication in IIS with the php cgi 4.3.4, there's one more step. I searched mightily and didn't find this information anywhere else, so here goes. When using HTTP auth with the php CGI, you need to do the following things:

1. In your php.ini file, set "cgi.rfc2616_headers = 0"

2. In Web Site Properties -> File/Directory Security -> Anonymous Access dialog box, check the "Anonymous access" checkbox and uncheck any other checkboxes (i.e. uncheck "Basic authentication," "Integrated Windows authentication," and "Digest" if it's enabled.) Click OK.

3. In "Custom Errors", select the range of "401;1" through "401;5" and click the "Set to Default" button.

It's this last step that is crucial, yet not documented anywhere. If you don't, instead of the headers asking for credentials, IIS will return its own fancy but useless 'you are not authenticated' page. But if you do, then the browser will properly ask for credentials, and supply them in the $_SERVER['PHP_AUTH_*'] elements.

#10

Posted by Junyor on June 16, 2008 at 2:47am
Status:active» fixed

Added documentation about the cgi.rfc2616_headers setting. Let's see if that plus the fix for #28408: Authentication on PHP/CGI installations are enough to take care of this issue.

#11

Posted by Junyor on June 16, 2008 at 2:47am
Title:Can not log-in under IIS» Cannot log-in under IIS

#12

Posted by Anonymous (not verified) on June 30, 2008 at 2:55am
Status:fixed» closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.

nobody click here