Hi,

If a certain sequence of bad logins is completed when logging in from an IE7
client to an IIS6 server using digest authentication, subsequent correct
logins will always fail because IE7 stops sending the user credentials.

Assume a user "root" with password "pass". Start a fresh IE7 and access a
server using digest authentication. In the login window that appears, enter
the following sequence of credentials:

1) User: "root", password: "root" (i.e. bad password)
2) User: "root", password: blank (i.e. empty input field)
3) User: blank, password: blank

At this point you get the 401 Unauthorized message in the browser window.
Now access the same URL again, but enter the correct user credentials: you
will not be able to log in.

A network trace reveals that IE7 does not send any "Authorization" field
(containing the user credentials) in the GET request (and not in any
subsequent requests either, for that matter). A browser restart remedies the
situation.

This does not happen for all variants of three bad logins. I have not
checked whether it also affects the ability to log in to servers other than
the one used to exhibit the bug.

----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.

http://www.microsoft.com/communities...plorer.general

A minor addition to my previous post: If I perform a successful login to
another server using digest authentication after the bug has appeared, then
accessing the first server will work fine and I won't even be prompted with a
login window.

Thus, restarting IE is not the only way out of the situation (not that a
user would know this when it happens, however).