FP97: FrontPage Requires Allow Anonymous or No NTLM on IIS

When you try to connect to a Microsoft Internet Information Server (IIS) 1.0, you may receive the following error message even though the server is configured to allow Basic Authentication and NT Challenge\Response.

Use of the NT Challenge\Response authentication header is made possible because FrontPage 97 can function as an ISAPI dll on an IIS 2.0 server.

FrontPage 97 does not install an ISAPI version of its extensions on an IIS 1.0 server because of irregularities in the IIS 1.0 implementation of ISAPI. FrontPage 97 cannot detect the server version until after it successfully retrieves a page or hits a script. In order to get the initial list, FrontPage must access the server as the anonymous Internet Guest account (IUSR_<machine_name>). If the server extensions can get the initial list of files from the IIS 1.0 server as the anonymous account, FrontPage can then accurately tailor its response to the IIS 2.0 server. However, if the anonymous account is denied access to fetch the list of Webs on the server, then the presence of the NT Challenge\Response in the www- authenticate header forces the FrontPage 97 client to display the error message.

To author or administer a FrontPage web on an IIS 1.0 server, do either of the following:

• Disable NT Challenge\Response Authentication
  
  -or-
• Enable the Allow Anonymous option

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

The FrontPage 97 installation routine on an IIS 1.0 server will enable Basic Authentication in if it is not enabled at installation time. This problem does not occur on IIS 2.0 servers.