Re: IIS Authentication

From: "Thomas Deml [MS]" <>
Date: Sun, 6 Oct 2002 02:45:19 -0700

You are using Basic auth I guess.

IE caches credentials on a per domain basis and this is a good thing. There
is nothing IIS can do about it. IE doesn't send the credentials to because it would be a huge security hole. How should IE
know that the same guy that runs also runs

IIS has to challenge for credentials and as a result IE pops up the
dialog box. If IE didn't do that, it would send credentials to completely
unrelated sites.

A solution would be to use cookie-based authentication. I think the cookie
standard allows ignoring the 2nd level domain.

Hope this helps.

Thomas Deml
Lead Program Manager
Internet Information Services
Microsoft Corp.

"Mario Smit" <> wrote in message
> Hi,
> I have two domains for example: and
> Both sites use authentication and are
> available for the same NT user group. I want the user to
> log on only once, not twice, for both site1 and site2.
> I set up authentication and it works fine. Only IE pops
> up for a second time when I want to go from site1 to
> site2. Is this because the realm is not the same?
> We are using IIS 5.0 on Windows 2000 Advanced Server.
> Any help will be greatly appreciated.
> Best regards,
> Mario Smit
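
An added illustration, not part of either message in this thread: the sketch below models the two browser scoping rules discussed above, Basic credentials tied to one host and realm (the RFC 7235 protection space) and the cookie Domain attribute (RFC 6265 domain-match). All hostnames are constructed, and the public-suffix set is a small stand-in for the real Public Suffix List.

```javascript
// Added example: how a browser scopes Basic credentials versus cookies.
// Assumption: a tiny stand-in for the Public Suffix List browsers consult.
const PUBLIC_SUFFIXES = new Set(["com", "net", "org", "co.uk"]);

const norm = (d) => d.toLowerCase().replace(/^\./, "");

// RFC 6265 section 5.1.3: host equals the cookie domain, or is a
// subdomain of it (IP addresses only ever match exactly).
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = norm(cookieDomain);
  if (h === d) return true;
  const isIp = /^\d+(\.\d+){3}$/.test(h);
  return !isIp && h.endsWith("." + d);
}

// A Set-Cookie Domain attribute is accepted only if the setting host
// itself domain-matches it and it is not a public suffix.
function acceptsDomainAttribute(setterHost, domainAttr) {
  if (PUBLIC_SUFFIXES.has(norm(domainAttr))) return false;
  return domainMatch(setterHost, domainAttr);
}

// Is a cookie set by setterHost (Domain=domainAttr, or null for a
// host-only cookie) attached to a request for targetHost?
function cookieSentTo(setterHost, domainAttr, targetHost) {
  if (domainAttr === null) {
    return targetHost.toLowerCase() === setterHost.toLowerCase();
  }
  return acceptsDomainAttribute(setterHost, domainAttr) &&
         domainMatch(targetHost, domainAttr);
}

// Basic credentials are replayed without a prompt only inside the same
// protection space: scheme, host, port and realm must all agree.
function basicCredentialsReused(a, b) {
  return a.scheme === b.scheme &&
         a.host.toLowerCase() === b.host.toLowerCase() &&
         a.port === b.port &&
         a.realm === b.realm;
}
```

In this model a Domain cookie reaches sibling hosts under a shared parent domain, while hosts under unrelated registrable domains receive neither the cookie nor the cached Basic credentials, even when the realm string is identical.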