HTTP错误401.2 - 未经授权 [英] HTTP Error 401.2 - Unauthorized

问题描述

尝试使用Windows集成身份验证访问其中一个geneva框架测试站点时，我遇到了上述错误 - PassiveRedirectBasedClaimsAwareWebApp。我可以在我已经设置的虚拟机环境中成功访问它但是尝试在不同的环境中运行相同的东西是失败的。

我试图让所有东西都一样 - 所有浏览器设置（例如用户身份验证）和所有安装的身份验证组件（至关重要的是Windows身份验证）并检查是否存在正确的模块。

我正在使用Geneva Server Beta 2运行Windows Server 2008。我成功地重定向到FederationPassive登录页面，在那里我选择我想要使用Windows身份验证，然后当它尝试进入IntegratedSignin页面时，我收到错误。完整错误信息如下：

错误摘要

HTTP错误401.2 - 未经授权

您是由于身份验证标头无效而无权查看此页面。

I'm getting the above error when attempting to access one of the geneva framework test sites - PassiveRedirectBasedClaimsAwareWebApp - using Windows Integrated authentication. I can access it successfully in a virtual machine environment that I've got set up but attempting to run the same thing in a different environment is failing.

I've attempted to make everything the same - all the browser settings (such as user authentication) and all the authentication components installed (crucially windows authentication) and checked that the correct modules are there.

I'm running Windows Server 2008 with Geneva Server Beta 2. I get successfully redirected to the FederationPassive login page where I select that I want to use windows authentication and then when it attempts to get to the IntegratedSignin page I get the error. Full error information below:

Error Summary

HTTP Error 401.2 - Unauthorized

You are not authorized to view this page due to invalid authentication headers.

详细错误信息

Module	IIS Web Core
通知	AuthenticateRequest
Handler	PageHandlerFactory-Integrated
错误代码	0x80070005

Module	IIS Web Core
Notification	AuthenticateRequest
Handler	PageHandlerFactory-Integrated
Error Code	0x80070005

推荐答案

最有可能的原因是：

• 没有身份验证协议（包括匿名） ）在IIS中被选中。


• 仅启用了集成身份验证，并且使用了不支持集成身份验证的客户端浏览器。


• 启用集成身份验证，并通过代理发送请求，该代理在到达Web服务器之前更改了身份验证标头。


• 未配置Web服务器进行匿名访问，并且未收到所需的授权标头。


• "configuration / system.webServer / authorization"配置部分可以明确地拒绝用户访问。

Most likely causes:

• No authentication protocol (including anonymous) is selected in IIS.
• Only integrated authentication is enabled, and a client browser was used that does not support integrated authentication.
• Integrated authentication is enabled and the request was sent through a proxy that changed the authentication headers before they reach the Web server.
• The Web server is not configured for anonymous access and a required authorization header was not received.
• The "configuration/system.webServer/authorization" configuration section may be explicitly denying the user access.

这篇关于HTTP错误401.2 - 未经授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！