Re: IIS Authentication

From: Thomas Deml [MS] (
Date: 10/06/02

From: "Thomas Deml [MS]" <>
Date: Sun, 6 Oct 2002 02:45:19 -0700

You are using Basic auth I guess.

IE caches credentials on a per domain basis and this is a good thing. There
is nothing IIS can do about it. IE doesn't send the credentials to because it would be a huge security hole. How should IE
know that the same guy that runs also runs

IIS has to challenge for credentials and as a result IE pops up the
dialogbox. If IE wouldn't do that it would send credentials to completely
unrelated sites.

A solution would be to use cookie-based authentication. I think the cookie
standard allows to ignore the 2nd level domain.

Hope this helps.

Thomas Deml
Lead Program Manager
Internet Information Services
Microsoft Corp.
"Mario Smit" <> wrote in message
> Hi,
> I have two domains for example: and
> Both sites use authentication and are
> available for the same NT-usergroup. I want the user to
> logon only once not twice for both site1 and site2.
> I set up authentication and it works fine. Only IE pops
> up for a second time when I want to go from site1 to
> site2. Is this because the realm is not the same?
> We are using IIS 5.0 on Windows 2000 Advanced Server.
> Any help will be greatly appreciated.
> Best regards,
> Mario Smit

Relevant Pages

  • Re: shared folder access
    ... >account delegation from your physical server running IIS ... >Your first option is to use Basic Authentication in IIS ... >This will remove the UNC user token credentials ...
  • Re: Active Directory Authentication in IIS 6
    ... I just installed ldp.exe and have no problems using the same credentials ... used in the code to connect and bind. ... settings in IIS, but I am not sure where to look. ... and Integrated Windows Authentication is checked. ...
  • Re: IIS6 - Virtual Directory to URL share, authentication problems.
    ... passing credentials across from webserver -> remote file server ... requires Kerberos (if IIS doesn't have the user's password), ... you won't get automatic logon. ... is that the "secure" authentication mechanisms do ...
  • Making .net handle IIS authentication (not simple)
    ... authentication systems. ... The new section uses an ISAPI plugin to handle authentication, IIS does the ... or that I can have issue credentials that IIS will accept. ... want them to get the standard aspx login form I have created, ...
  • Re: NT Authentication with ASP
    ... Without credentials, IIS will assume anonymous access. ... If Anonymous authentication is enabled, ... unless the browser has already authenticated. ...