Problem Automatically Authenticating
From: Phil Judt (philj@americantool.com)
Date: 11/06/02
- Next message: Richard May: "IIS5: Non Anonymous Access, using Windows Login Username"
- Previous message: Karl Levinson [x y] mvp: "Re: Insufficient encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Phil Judt" <philj@americantool.com> Date: Wed, 6 Nov 2002 07:33:51 -0800
I'm doing a similar thing, but the problem I have is that
I am forced to use the fully qualified domain name to
access the server (ie. http://intranet.domain.com vs.
http://intranet) since my company has multiple internal
domains. This causes the login prompt to come up even if
the user has logged into the Windows domain already. The
NTLM pass-through doesn't work. Does anyone know a fix
for this?
>-----Original Message-----
>You need to enable Windows/Integrated authentication on
the website(s)
>concerned. You should also disable anonymous access and
basic
>authentication. Right click the web site/virtual
directory, look at the
>directory security tab and check/uncheck the appropriate
options.That way
>the clients will authenticate transparently using
Kerberos or NTLM.
>The IIS servers will need to be in the same domain as the
users or in a
>domain that trusts the domain with the user accounts.
>
>For ASP.NET apps you will also need to edit the
web.config file to enable
>Windows authentication for that app.
><system.web>
> <!-- mode=[Windows|Forms|Passport|None] -->
> <authentication mode="Windows" />
></system.web>
>This allows IIS to pass through the Windows/AD
credentials to the ASP.Net
>application.
>See:
>http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/vsent7/html
>/vxconASPNETAuthentication.asp
>
>--
>Ian Hellen
>Principal Consultant, BCC Security Solutions
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>Use of included script samples are subject to the terms
specified at
>http://www.microsoft.com/info/cpyright.htm.
>Please do not send email directly to this email address,
This address is for
>newsgroup purposes only.
>
>
>"Aamir Memon" <amemon1@hotmail.com> wrote in message
>news:5baa01c28394$82fc81a0$3aef2ecf@TKMSFTNGXA09...
>> I am designing an browser-based Interanet application
for
>> a client. Its a secure application and few
people/groups
>> within the company will have access to it. However,
>> client doesn't want people to login to this application,
>> system should be able to automatically authenticate
users
>> since they are already logged on to the Windows 2000
>> active directory domain. Client is willing to create
>> Active directory groups for each role (managers, Full
>> Access Users, Limited Access Users, etc). What is my
best
>> option to achive this?
>>
>> Server: Windows 2000 Server with active directory.
>> Client: All clients are Windows 2000 Professional with
IE
>> 5.
>> Application: ASP.Net with VB.Net
>> Storage: Microsoft SQL Server 2000
>>
>>
>
>
>.
>
.
- Next message: Richard May: "IIS5: Non Anonymous Access, using Windows Login Username"
- Previous message: Karl Levinson [x y] mvp: "Re: Insufficient encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
