RE: Name mapping : 1 certificate, multiple user accounts
From: Michael Laing (mdonlinelaing@microsoft.com)
Date: 10/01/02
- Next message: Gerald: "Secure my IIS"
- Previous message: Gerald: "Auth_USER var, IIS, web-pages and Netegrity"
- In reply to: fustinoni: "Name mapping : 1 certificate, multiple user accounts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: mdonlinelaing@microsoft.com (Michael Laing) Date: Tue, 01 Oct 2002 18:13:07 GMT
Hi Patrick,
If you have Basic Authentication disabled in IIS, then you were not
prompted with a Basic prompt. Do you have Integrated Windows
Authentication selected? If so, you were probably prompted by that.
Integrated authentication will prompt if the prerequisites for transparent
authentication are not being met. This article outlines the prerequisites:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q258063
An Integrated prompt differs from a Basic prompt in that an Integrated
prompt will have a Domain field in addition to Username and Password. Was
this what you were seeing?
Michael Laing
Microsoft Developer Support
Internet Information Server
***********************
>>Please do not send email directly to this alias. This is an online
account name for newsgroup participation only.<<
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.
© 2002 Microsoft Corporation. All rights reserved.
***********************
--------------------
| Content-Class: urn:content-classes:message
| From: "fustinoni" <patrick.fustinoni@atosorigin.com>
| Sender: "fustinoni" <patrick.fustinoni@atosorigin.com>
| Subject: Name mapping : 1 certificate, multiple user accounts
| Date: Tue, 1 Oct 2002 03:07:11 -0700
| Lines: 30
| Message-ID: <cb5701c26932$4f326820$37ef2ecf@TKMSFTNGXA13>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcJpMk8yhOFwl9zGRBai3Wc+Yq9oUw==
| Newsgroups: microsoft.public.inetserver.iis.security
| NNTP-Posting-Host: TKMSFTNGXA13 10.201.226.41
| Path: cpmsftngxa06!cpmsftngxa09
| Xref: cpmsftngxa06 microsoft.public.inetserver.iis.security:10893
| X-Tomcat-NG: microsoft.public.inetserver.iis.security
|
| Hi,
|
| While using AD name mapping into IIS Server, I made a
| mistake : I mapped one certificate on two different user
| accounts.
|
| When trying to connect to my web site, I was told by my
| browser to chose a certificate (all right). I choose the
| certificate I'm speaking about. This certificate was
| accepted by IIS, but then, my browser displayed the popup
| for basic authentication (basic authentication was
| inactivated on my web site ! ).
|
| I think IIS found 2 users in AD corresponding to that
| certificate, and was unable to chose the right one. Then,
| IIS downgraded from strong auhentication to basic
| authentication in order to force me to chose the right
| account.
|
| Is this the real behaviour of IIS in these
| circumstancies ? Is there some information about that on
| Microsoft Web Site (I didn't find any).
|
| Why is it possible to map one certificate on two different
| user accounts without beeing warned about ?
|
| Thank's for your informations.
|
| P. FUSTINONI
|
|
- Next message: Gerald: "Secure my IIS"
- Previous message: Gerald: "Auth_USER var, IIS, web-pages and Netegrity"
- In reply to: fustinoni: "Name mapping : 1 certificate, multiple user accounts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
