Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation.

Valid users cannot connect to the Web



This article was previously published under Q310757



Symptoms

When you attempt to connect to a FrontPage Web with a valid user account that has been given author or administrator rights, you may be prompted for user credentials three times. You receive an error message similar to the following:
You are not authorized to perform the current operation.
With the same user account, you can connect to the resources through the Network Neighborhood or through Universal Naming Convention (UNC) paths. You can also access those shares across the network that you have been given permission to access.



Cause

This behavior occurs when the valid user account is from a trusted domain. When the user tries to authenticate to an intranet Web server in a different domain with Windows Challenge/Response (NTLM) enabled, the browser attempts to authenticate the user with the security token that was created at logon in the user's home domain. Although NTLM is a much more secure means of authenticating users, this behavior causes problems when authenticating to a resource in another domain. This issue is commonly referred to as "double-hop" authentication.

The problem with double-hop authentication is that NTLM does not allow a user's rights to be delegated beyond the server they initially log on to. When you log on to your domain, and then attempt to log on to the FrontPage Web on the other domain, the server is unable to pass the credentials to the Web server.



Resolution

To resolve the issue, use either of the following methods.

Method 1: Basic Authentication

1. Enable Basic Authentication on the Web server.
2. Give the user or user group the "log on locally" right on the Web server, as required for Basic Authentication.

Note: Basic Authentication sends user names and passwords over the network in Base64 encoding, which is effectively clear text. Microsoft recommends that any site that uses Basic Authentication secure the authentication requests by using SSL.

Method 2: Digest Authentication

For additional security over Basic Authentication without using SSL, set up Digest Authentication.

For additional information about Digest Authentication, click the article numbers below to view the articles in the Microsoft Knowledge Base:
291373 FP: Repeated Prompts for User Name and Password
222028 Setting Up Digest Authentication for Use with IIS 5.0
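
The difference between the two methods on the wire, as an added example that is not part of the original KB article: a Basic header decodes straight back to the password, while a Digest header carries only a hash bound to the server nonce. It assumes the RFC 2617 MD5 / qop=auth form of Digest; the sample values are the published test vectors from RFC 7617 and RFC 2617, and the function names are illustrative.

```python
import base64
import hashlib


def decode_basic(header_value):
    """Recover (user, password) from a Basic Authorization header value.

    Base64 is an encoding, not encryption: no key is needed to reverse it.
    """
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("malformed Basic credential")
    return user, password


def _md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """Compute the RFC 2617 'response' value the client sends instead of the password."""
    ha1 = _md5_hex(f"{user}:{realm}:{password}")   # secret-derived part
    ha2 = _md5_hex(f"{method}:{uri}")              # request-derived part
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


# Sample header from RFC 7617 (not captured traffic).
BASIC_HEADER = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="

# Sample exchange from RFC 2617 section 3.5 (not captured traffic).
DIGEST_FIELDS = {
    "user": "Mufasa",
    "realm": "testrealm@host.com",
    "method": "GET",
    "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001",
    "cnonce": "0a4f113b",
}

if __name__ == "__main__":
    # Basic: the credential pair is readable by anyone who sees the request.
    print("Basic reveals:", decode_basic(BASIC_HEADER))
    # Digest: only this hash crosses the network; it changes with every nonce.
    print("Digest sends:", digest_response(password="Circle Of Life", **DIGEST_FIELDS))
```

Because the Digest response depends on the server-issued nonce, a captured value cannot simply be replayed against a fresh challenge, which is the additional security over Basic that Method 2 refers to.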



More information

For more information about authentication, click the following article numbers to view the articles in the Microsoft Knowledge Base:
264921 How IIS Authenticates Browser Clients
230169 Unable to Open or Create Web Folder for Restricted FrontPage Web
For more information about how to generate a certificate request file by using the Certificate Wizard in IIS, click the following article number to view the article in the Microsoft Knowledge Base:
228821 Generating a certificate request file using the Certificate Wizard in IIS 5.0
For more information about how to install a new certificate with Certificate Wizard for use in SSL/TLS, click the following article number to view the article in the Microsoft Knowledge Base:
228836 Installing a new certificate with Certificate Wizard for use in SSL/TLS
For more information about how to set up SSL by using IIS 5.0 and Certificate Server 2.0, click the following article number to view the article in the Microsoft Knowledge Base:
299525 How to set up SSL by using IIS 5.0 and Certificate Server 2.0



Keywords: KB310757, kbprb


Article Info
Article ID : 310757
Revision : 2
Created on : 3/16/2007
Published on : 3/16/2007
Exists online : False