Re: Integrated Windows Authentication not working

From: Stephen L Nicoud (nicouds@hotmail.com)
Date: 05/12/02

• Next message: bubbapcguy: "Re: Is someone trying to hack my IIS server?"
• Previous message: Andrew: "Re: Firewall software on stand alone servers running IIS 5"
• In reply to: MHughes: "Integrated Windows Authentication not working"
• Next in thread: Michael: "Re: Integrated Windows Authentication not working"
• Reply: Michael: "Re: Integrated Windows Authentication not working"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sat, 11 May 2002 15:48:01 -0700
From: Stephen L Nicoud <nicouds@hotmail.com>

MHughes wrote:
>
> I have a site with that I've set up to require SSL and have the following
> settings for authentication methods:
>
> Anonymous access - unchecked
> Basic authentication - checked
> default domain - local box
> Digest authentication - unchecked
> Integrated Windows authentication - checked
>
> Just to make sure the setting took, I rebooted my server.
>
> When I try to log into the site the certificate pops up and I select yes. I
> then expect a windows login box, but does not. I assume it is trying to use
> my domain account (which won't work because I've set up the site to accept
> only account on the local box) and never asks me to log in with different
> credentials.
>
> I have tried this outside of my domain and the same thing happend.
> Certificate process seems to work fine, but it never asks me to log in.
>
> I want to force the login box to come up. What am I doing wrong??

Is your web server a member of a domain or does it have a trust to the
domain that contains your user account?

Exactly how did you "set up the site to accept only account on the local
box"? Setting the "default domain" to the local box does not restrict
the site to only accounts that are local to the web server.

What are the NTFS permissions on the files you are trying to access?

If Integrated Windows Authentication (IWA) is selected and if Internet
Explorer (IE) is configured to allow IWA and if IE is configured to
submit credentials automatically for the IE security zone that contains
the host and if the user logged in to their computer with the same
account that is required to access the web-based content and if the user
does not have to go through a proxy server to reach the web server and
if the user's account has the "Access this computer from the network"
right on the web server, THEN IE will automatically submit credentials
(without prompting the user) and the user will gain access to protected
resources.

-- 
Reply to the newsgroup.

---

• Next message: bubbapcguy: "Re: Is someone trying to hack my IIS server?"
• Previous message: Andrew: "Re: Firewall software on stand alone servers running IIS 5"
• In reply to: MHughes: "Integrated Windows Authentication not working"
• Next in thread: Michael: "Re: Integrated Windows Authentication not working"
• Reply: Michael: "Re: Integrated Windows Authentication not working"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: IIS6 - Integrated Authentication Probs ... When you use Basic authentication, ... outlined in Chapter 5 of the IIS 6 Resource Kit: ... > b) - Despite the fact these credentials are being parsed, ... > Hence - this is a general problem with the way the web server is using my ... (microsoft.public.inetserver.iis.security) Re: Integrated Windows Authentication not working ... >>> my domain account (which won't work because I've set up ... >>Is your web server a member of a domain or does it have a ... >>submit credentials automatically for the IE security zone ... Windows Authentication, then IE will FIRST try to send the credentials ... (microsoft.public.inetserver.iis.security) Re: How to deny access to domain shares from a workgroup computer ... It makes sense to me, now that you clearly state it, that there is no need to trust the machine where the authentication is coming from. ... If he truly knew nothing about the domain, it is somewhat unlikely for him to have a local account whose name matches that of a domain account, although this is possible. ... user name and password sufficient credentials, ... It is just an authentication based on username and password; and authentication protocol designed to make it hard to intercept or decipher the authentication in transit; and a convenience mechanism for passing through under certain circumstances without an explicit prompt. ... (microsoft.public.windows.server.security) Re: How to deny access to domain shares from a workgroup computer ... If I take the example of Internet Explorer pass-through authentication: ... the authentication process is identical whether I am prompted and enter credentials, or whether my logged in credentials are passed-through ... It is just an authentication based on username and password; and authentication protocol designed to make it hard to intercept or decipher the authentication in transit; and a convenience mechanism for passing through under certain circumstances without an explicit prompt. ... By adding a prefix he is really saying "this version rather than that version of my account". ... (microsoft.public.windows.server.security) Re: Anonymous and NTLM ... This is by design, browsers will always attempt to connect anonymously, and ... base on authentication challenge header receive from web server, ... > the lowest credentials needed to complete a given resource request. ... (microsoft.public.inetserver.iis.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)