Re: IIS logon
From: "Jannie Hanekom" <no-one@localhost>
Date: Wed, 23 Apr 2003 20:39:20 +0100
Basic/Digest authentication will not prompt you for a domain name, as these
are Internet standards which do not know anything about the concept of
Windows Domains.
The browser has no way of knowing what OS the web server is running, so can
never know whether to prompt for a domain.
NTLM authentication dialogs will always prompt for a domain as well, since
these auth requests are Windows specific.
Your choices are:
* Use NTLM if you're not going through a firewall and use MS browsers
exclusively
* Use Basic and perform user education
* Change the default domain for Basic Authentication to the domain with the
users who generate most support calls
Jannie
Relevant Pages
- Re: How to deny access to domain shares from a workgroup computer
... If I take the example of Internet Explorer pass-through authentication: ... the authentication process is identical whether I am prompted and enter credentials, or whether my logged in credentials are passed-through ... It is just an authentication based on username and password; and authentication protocol designed to make it hard to intercept or decipher the authentication in transit; and a convenience mechanism for passing through under certain circumstances without an explicit prompt. ... By adding a prefix he is really saying "this version rather than that version of my account". ...
(microsoft.public.windows.server.security) - Re: How to deny access to domain shares from a workgroup computer
... It makes sense to me, now that you clearly state it, that there is no need to trust the machine where the authentication is coming from. ... If he truly knew nothing about the domain, it is somewhat unlikely for him to have a local account whose name matches that of a domain account, although this is possible. ... user name and password sufficient credentials, ... It is just an authentication based on username and password; and authentication protocol designed to make it hard to intercept or decipher the authentication in transit; and a convenience mechanism for passing through under certain circumstances without an explicit prompt. ...
(microsoft.public.windows.server.security) - Re: How to deny access to domain shares from a workgroup computer
... sufficient credentials, then it's fine. ... There isn't really any level of trust involved. ... If I take the example of Internet Explorer pass-through authentication: ... I think what you are describing is some changes in Prompt behaviour. ...
(microsoft.public.windows.server.security) - RE: Name mapping : 1 certificate, multiple user accounts
... If you have Basic Authentication disabled in IIS, ... Integrated authentication will prompt if the prerequisites for transparent ...
(microsoft.public.inetserver.iis.security) - Re: How to deny access to domain shares from a workgroup computer
... It makes sense to me, now that you clearly state it, that there is no need to trust the machine where the authentication is coming from. ... However, if you consider only user name and password sufficient credentials, then it's fine. ... It is just an authentication based on username and password; and authentication protocol designed to make it hard to intercept or decipher the authentication in transit; and a convenience mechanism for passing through under certain circumstances without an explicit prompt. ... By adding a prefix he is really saying "this version rather than that version of my account". ...
(microsoft.public.windows.server.security) |
|
