Re: IIS Authentication

From: Thomas Deml [MS] (thomad@online.microsoft.com)
Date: 10/06/02

• Next message: Thomas Deml [MS]: "Re: problems with iis and ssl"
• Previous message: Thomas Deml [MS]: "Re: digest authentication"
• In reply to: Mario Smit: "IIS Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Thomas Deml [MS]" <thomad@online.microsoft.com>
Date: Sun, 6 Oct 2002 02:45:19 -0700

You are using Basic auth I guess.

IE caches credentials on a per domain basis and this is a good thing. There
is nothing IIS can do about it. IE doesn't send the credentials to
site2.neximus.com because it would be a huge security hole. How should IE
know that the same guy that runs site1.neximus.com also runs
site2.neximus.com?

IIS has to challenge for credentials and as a result IE pops up the
dialogbox. If IE wouldn't do that it would send credentials to completely
unrelated sites.

A solution would be to use cookie-based authentication. I think the cookie
standard allows to ignore the 2nd level domain.

Hope this helps.

--
Thomas Deml
Lead Program Manager
Internet Information Services
Microsoft Corp.
"Mario Smit" <m.smit@neximus.com> wrote in message
news:fd5c01c26a35$26bff340$3bef2ecf@TKMSFTNGXA10...
> Hi,
>
> I have two domains for example: site1.neximus.com and
> site2.neximus.com. Both sites use authentication and are
> available for the same NT-usergroup. I want the user to
> logon only once not twice for both site1 and site2.
>
> I set up authentication and it works fine. Only IE pops
> up for a second time when I want to go from site1 to
> site2. Is this because the realm is not the same?
>
> We are using IIS 5.0 on Windows 2000 Advanced Server.
>
> Any help will be greatly appreciated.
>
> Best regards,
>
> Mario Smit

---

• Next message: Thomas Deml [MS]: "Re: problems with iis and ssl"
• Previous message: Thomas Deml [MS]: "Re: digest authentication"
• In reply to: Mario Smit: "IIS Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: shared folder access ... >account delegation from your physical server running IIS ... >Your first option is to use Basic Authentication in IIS ... >This will remove the UNC user token credentials ... (microsoft.public.dotnet.framework.aspnet.security) Re: Active Directory Authentication in IIS 6 ... I just installed ldp.exe and have no problems using the same credentials ... used in the code to connect and bind. ... settings in IIS, but I am not sure where to look. ... and Integrated Windows Authentication is checked. ... (microsoft.public.dotnet.framework.aspnet.security) Re: IIS6 - Virtual Directory to URL share, authentication problems. ... passing credentials across from webserver -> remote file server ... requires Kerberos (if IIS doesn't have the user's password), ... you won't get automatic logon. ... is that the "secure" authentication mechanisms do ... (microsoft.public.inetserver.iis.security) Making .net handle IIS authentication (not simple) ... authentication systems. ... The new section uses an ISAPI plugin to handle authentication, IIS does the ... or that I can have asp.net issue credentials that IIS will accept. ... want them to get the standard aspx login form I have created, ... (microsoft.public.dotnet.framework.aspnet.security) Re: NT Authentication with ASP ... Without credentials, IIS will assume anonymous access. ... If Anonymous authentication is enabled, ... unless the browser has already authenticated. ... (microsoft.public.inetserver.asp.general)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.inetserver.iis.security  > 2002-10