Benjamin Day Consulting, Inc.: The Blog

When I do development work for clients who don't have their own development server, I set up a IIS virtual host on my server so that I can post iterations for them to review.  Every client gets its own domain name like http://clientName.benday.com.  It's a pretty cool feature of IIS that allows you to host lots of different web sites on a single server with a single IP address. 

I've been doing some maintenance work for a client lately and on Friday I needed to post the demo.  I deployed the app and tried checking it using Internet Explorer from the server.  It prompted me to log on.  That's weird, I'm logged on locally and this app is configured to use Windows (NTLM) authentication.  I typed in my username and password anyway and got “HTTP 401.1 - Unauthorized: Logon Failed“.  That's impossible.   I checked the file system permissions and re-checked the IIS permissions and it all looked good. 

There's an odd issue with domain names that have periods (“.“ or dots) in them: Internet Explorer won't send the Windows authentication info to the server if the domain name has periods in it.  I think this is totally stupid but I can see how this could be a halfway decent method for determining that you're accessing an intranet resource rather than an internet resource.  In order to fix this, you need to add the url to IE's “Local intranet“ or “Trusted sites“ group (Tools --> Options --> Security). 

Anyway, so I started wondering if IE had gotten misconfigured and had stopped sending credentials to the server.  This theory looked likely because the IIS logs didn't record my username for those 401.1 errors -- it just said “-“ in that spot in the log.  I played with the IE configuration for a while.  No luck.

Throughout all of this, I was googling like crazy trying to think of how to describe this question in a way that google could actually help out.  Nothing.  You know...that's one of the hardest things when you're trying to solve an IT problem -- if you don't exactly know what's wrong, it's really tough to ask the question in order to find the solution. 

Well, eventually I hit upon a Microsoft support article.  Turns out that Windows 2003's Service Pack 1 closes a security hole related to reflection attacks.  It sounds like when you make a request to IIS, something on the server checks to see if the host name is the name of the machine.  Since the name of my server isn't the same as the host header name for my client's IIS site, IIS pukes out a 401.  The fix for this is to edit the registry to tell the server what other names it should accept.

-Ben

I'm going to be speaking at VSLive Boston and VSLive Dallas on Team System and Team Foundation Server. 

The title of the talk is “Team Foundation Server: Beyond the GUI”.  Here's the abstract:

Did you know that Team Foundation Server (TFS) has an API to control, customize and consume almost any piece of TFS functionality, including version control, the build system and work items? Did you know that there’s a command-line interface to the version control system called “TF” with 33 sub-commands? When you go beyond the GUI, you’ll have a deeper understanding of TFS and its true capabilities. In this session, I will show you how to use the TFS API to integrate with and extend TFS. We’ll then dive into the TF command so you can become a TFS version control power user. 

I'm also doing a talk called “Serious ASP.NET 2.0 WebPart Customization“. 

Ever tried to customize how your ASP.NET WebParts look? Sure, you can change colors and fonts, but what if you want to change the layout? What if you need to put the WebPartVerb menu in a different place? That goes beyond simple tweaking; now you need custom WebPartChrome. In this session, I will do a deep-dive on the ASP.NET WebParts architecture and show you how to seriously customize your WebParts by creating your own WebPartChrome and WebPartZone, all without losing the benefits of personalization.

-Ben

--- Looking for training on Visual Studio Team System & Team Foundation Server?  Need some help customizing your process?  Contact us via http://www.benday.com.