Hi all!
We have a really strange problem on our newly installed W2K8 servers with CF9. A short overview of the set up:
Server: W2K8 64-bit, IIS 7.5
CF-server: CF 9,0,1,274733 Standard Edition
The problem is that while htm-files is secured by folder security, cfm-files in the same folder are accessible for all users. We've disabled "Anonymous Access" and enabled "Windows Authentication" (with NTLM as first enabled provider) in IIS.
When monitoring the http-requests made for both the htm- and cfm-files we can see that both files behave the same in the two first steps of NTLM Authentication (as described here) but when the htm-file responds with a login prompt in step three (if you're not authorized), the cfm-file responds with a 200 response and the security rules of the folder/file doesn't seem to matter at all.
We've searched around the net and can't really find anything like our problem. Does anyone have a clue about what's going on here? Please let me know if you need more information.
Thanks in advance!
Regards,
Johan