Re: Integrated Authentication with SSL

From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 1 Dec 2006 18:36:39 +0000 (UTC)

You also have to add the fqdn to the "Intranet" zone list in IE - otherwise the credentials won't be sent automatically.

....or change the SSL Certificate to use the hostname only (if you only access the machine internally)

-----
Dominick Baier (http://www.leastprivilege.com)

Does the machine account have a servicePrincipalName registered in AD
for the fully qualified domain name? Something like HOST/mydomain.com
or HTTP/mydomain.com should work. That should get Kerberos
authentication working properly.

Joe K.

References:
- Re: Integrated Authentication with SSL
  - From: Joe Kaplan

Prev by Date: Re: Integrated Authentication with SSL
Next by Date: Re: web.config - encrypting details ASP .NET 1.1
Previous by thread: Re: Integrated Authentication with SSL
Next by thread: Re: Integrated Authentication with SSL
Index(es):
- Date
- Thread

Relevant Pages

Re: A little help (kerberos, netbios, and SPN... oh my!)
... I was able to get it working with Intranet sites. ... this should allow the credentials to be passed. ... IWA enabled, instead of the netbios name, I am prompted for a U/P. ... this will result in a login prompt, ...
(microsoft.public.inetserver.iis.security)
RE: Sharepoint prompts for credentials
... >> I created a sharepoint intranet. ... >> open the intranet the webparts fetch the information no problem. ... >> credentials it wont clear the credential box until the user hits cancel. ...
(microsoft.public.windows.server.general)
Re: Connect via ServerName but not by IP or FQDN
... I'd like my intranet clients to be able to connect ... How can I get it to resolve the FQDN for a SQL Server ... What do your intranet clients used to connect the SQL Server? ...
(microsoft.public.sqlserver.connect)
RE: Strange IIS Security issue
... 303650 Intranet Site Is Identified as an Internet Site When You Use an FQDN ... David Dietz -- IIS Support Professional ... |>site) without Anonymous access so I have set-up this one ...
(microsoft.public.inetserver.iis.security)
Re: A little help (kerberos, netbios, and SPN... oh my!)
... internet explorer see's the fqdn as a non trusted internet site and ... try adding the fqdn as a trusted site, ... should allow the credentials to be passed. ... this will result in a login prompt, the only problem is they must ...
(microsoft.public.inetserver.iis.security)