Re: IIS Authentication
From: Thomas Deml [MS] (email@example.com)
- Next message: Thomas Deml [MS]: "Re: problems with iis and ssl"
- Previous message: Thomas Deml [MS]: "Re: digest authentication"
- In reply to: Mario Smit: "IIS Authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Thomas Deml [MS]" <firstname.lastname@example.org> Date: Sun, 6 Oct 2002 02:45:19 -0700
You are using Basic auth I guess.
IE caches credentials on a per domain basis and this is a good thing. There
is nothing IIS can do about it. IE doesn't send the credentials to
site2.neximus.com because it would be a huge security hole. How should IE
know that the same guy that runs site1.neximus.com also runs
IIS has to challenge for credentials and as a result IE pops up the
dialogbox. If IE wouldn't do that it would send credentials to completely
A solution would be to use cookie-based authentication. I think the cookie
standard allows to ignore the 2nd level domain.
Hope this helps.
-- Thomas Deml Lead Program Manager Internet Information Services Microsoft Corp. "Mario Smit" <email@example.com> wrote in message news:fd5c01c26a35$26bff340$3bef2ecf@TKMSFTNGXA10... > Hi, > > I have two domains for example: site1.neximus.com and > site2.neximus.com. Both sites use authentication and are > available for the same NT-usergroup. I want the user to > logon only once not twice for both site1 and site2. > > I set up authentication and it works fine. Only IE pops > up for a second time when I want to go from site1 to > site2. Is this because the realm is not the same? > > We are using IIS 5.0 on Windows 2000 Advanced Server. > > Any help will be greatly appreciated. > > Best regards, > > Mario Smit