integrated authentication not working from redirect
From: Danno (googlegroups@danno.mail.coppock.com)
Date: 12/20/02
From: googlegroups@danno.mail.coppock.com (Danno) Date: 20 Dec 2002 10:46:30 -0800
I'm seeing strange auth behavior from the default IE 6, on XP Pro,
regarding HTTP redirects.

SITUATION: I configure IIS (5) on a server to require integrated
authentication (NTLM auth) for some page. I then try to access the
page from IE 6, on XP Pro.

[1] (WORKS OKAY) When the above page is accessed by the browser above,
and if the browser is in the same intranet security zone (as defined
in Internet options->Security->Local intranet->Sites), then the
Windows logon credentials are supplied, and the NTLM Automatic login
thing works great, no pop-up. The page is accessed.

[2] (WORKS OKAY) If I access a cgi (also hosted in the same security
zone as the browser) that redirects (browser receives HTTP 302) to the
same site as in [1], again, all works okay. The browser sees the 302,
moves on to the NTLM-protected page, and again Automatic logon works
just fine.

[3] (FAILS) If the cgi that provides the redirect is considered to
NOT be on the same security zone (intranet) as the browser, after
moving to the protected page, the browser seems to refuse to
participate in the automatic logon process, and pops up the logon
dialog.

My question is why would IE care from where it was redirected. Is
this some new security behavior? I only see this on XP Pro. IE 6 on
NT, W2k, 98 seem to not care, and proceed with the auto logon. Can
anyone add any clarification to what's going on here? Is there some
security thing that XP is trying to address? It's not immediately
clear how the source of the redirect is of concern. It should be
trivial to duplicate this scenario, to convince yourself of the
behavior. Any insight is greatly appreciated.

- Danno