Re: ASP security
From: Reza (Reza_at_discussions.microsoft.com)
Date: 05/25/05
- Previous message: Duane Laflotte: "Re: cryptographic service provider problem"
- In reply to: Duane Laflotte: "Re: ASP security"
- Next in thread: Ken Schaefer: "Re: ASP security"
- Reply: Ken Schaefer: "Re: ASP security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 25 May 2005 12:28:01 -0700
Hello
First of all thank you very much Duane for your reply. I am going to fully
explain my network here. I have two domains, domain A and B. They are in two
different forests. There is an outgoing trust from A to B so A trusts B and
can authenticate it's users but not vice versa. All domains are in win2003
functional level. Clients are WinXP. My IIS is in a computer in A , in domain
controller of A I have AzMan. My web application passes credentials of the
connected user to AzMan to check his acceess. Now we have 2 different
conditions:
1. If a user in A logs on to a computer in A his credentials will be passed
from IIS to azman and is authenticated successfully. Note that I ALWAYS get
user name password pop up window from IE. It does not matter I enter a user
from A or B to this window. As long as I have logged on to the computer with
a user from the same domain as computer is in, everything is fine.
2. If a user in A logs on to a computer in B or a user in B logs on to a
computer in A when the pop up window of IE appears regardless of whether you
enter user from A or B it will raise an error.
I hope I have clarified it fully.
Thanks.
Reza.
"Duane Laflotte" wrote:
> Reza,
> So let me see if I understand you correctly:
> 1. You have two domains (A & B). Are they NT Domains or 2K
> 2. You must have a trust between these domains because a user from
> domain b can login to a computer from domain A.
> 3. When you, as a User in A, hit the web application, from a computer
> in A, all works ok
> 4. When you, as a User in B, hit the web application, from a computer
> in A, you get the NT Login box? Is that what you mean by "It doesnt know my
> identity".
>
> I would say this can be caused by a few things. The first think I would
> look at is the rights of the files/virtual directory to make sure that users
> from Domain B have rights to view them. I'm assuming this is an intranet
> application that uses NTLM Auth? Which flavor of IIS are you using?
>
> Hope I can help,
>
> --
> Duane Laflotte
> MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
> dlaflotte@criticalsites.com
> http://www.criticalsites.com/dlaflotte
>
>
> "Reza" <Reza@discussions.microsoft.com> wrote in message
> news:9485B195-77C8-4FC0-9FDD-F25D68076577@microsoft.com...
> > Hi
> >
> > I have two domains A and B. I logon to a computer which is in domain A as
> a
> > user in domain B. When I connect to a web application in domain A it does
> not
> > know my identity. If I logon to the same computer as a user in its native
> > domain (domain A) everything is ok. Does somebody know in detail why this
> > happens?
> >
> > Thanks.
> > Reza.
>
>
>
- Previous message: Duane Laflotte: "Re: cryptographic service provider problem"
- In reply to: Duane Laflotte: "Re: ASP security"
- Next in thread: Ken Schaefer: "Re: ASP security"
- Reply: Ken Schaefer: "Re: ASP security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
