Re: IIS authentication using windows domain accounts

From: Tom Kaminski [MVP] ((A_at_T))
Date: 04/28/03

  • Next message: Jeff Cochran: "Re: hacked or monitored?" 
    Date: Mon, 28 Apr 2003 12:07:14 -0400

    "Phil" <google@hawksworx.com> wrote in message
    news:e126eb70.0304280649.486f8777@posting.google.com...
    > I am using Integrated Windows Authentication in IIS5 on an Intranet
    > to gather user details and pass them on where needed.
    >
    > Initially this seemed to work fine but I have learned that most users
    > are being prompted for their login details. This seems to be happening
    > because their accounts are not being granted access to the secured
    > directory.
    >
    > Does this option not simply check that the user is trusted in the domain?
    > I am struggling to see anywhere that I am allowing some users access while
    > denying others.
    >
    > Can anyone shed some light on this?

    Are you saying that they are 1) being prompted but then let in, or 2) are
    they denied access?

    If it's #1 then it's IE causing the problem:
    In IE, Go to Tools -> Internet Options -> Security -> Custom Level -> User
    Authentication -> Logon and make sure it's not prompting for intranet use.
    You can add your domain or IP to the no proxy setting to get IE to recognize
    it as the intranet. Tools -> Internet Options -> Connections -> LAN
    Settings -> Advanced

    For security configuration you need to go Tools > Internet Options >
    Security > Local intranet > Sites... > Advanced > Add this web site or IP to
    the zone

    If it's #2 then they don't have permission to the content:
    http://www.microsoft.com/windows2000/en/server/iis/

    Microsoft Internet Information Server
         Administration
             Server Administration
                 Security
                     Authentication
                     Access Control

    HOW TO: Configure IIS 5.0 Web Site Authentication in Windows 2000
    http://support.microsoft.com/?id=310344
    HOW TO: Configure User and Group Access on an Intranet in Windows 2000 or
    Windows NT 4.0
    http://support.microsoft.com/?id=325358 

    -- 
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsserver2003/community/centers/iis/
  • Next message: Jeff Cochran: "Re: hacked or monitored?"

    Relevant Pages

    • Re: URGENT - Very Puzzled - IIS Authentication
      ... Juan T. Llibre, asp.net MVP ... instruct your users to go to http://sguk-web1 to enter the intranet. ... I have just deployed our shiny new ASP.NET 2 Intranet app and want to use Integrated windows ... authentication at IIS level with "windows" authentication in web.config. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: Integrated Authentication Problem
      ... IE has a simple logic to determine if an URL is in the Intranet or the ... > - Web Server and all clients are on the same domain. ... > - Windows 2000 on all clients and servers. ... > - We're NOT using Kerbos Authentication. ...
      (microsoft.public.inetserver.iis.security)
    • Re: Intermittent access to web site secured with Windows authentication
      ... the other server in our office with Windows ... > Windows Authentication is connection-based and not delegatable. ... > useful primarily in intranet scenarios, like when you are at work. ...
      (microsoft.public.inetserver.iis.security)
    • Re: User NT Authentication
      ... intranet environment but certain security guideline need ... >> authentication token to ensure that the user has logged ... >> environment variable on the server ... >Windows Integrated authentication if you're on an ...
      (microsoft.public.inetserver.iis.security)
    • Re: Change in ASP.Net authentication between Win2000 and Win2003
      ... > is turning on/off Kerberos is occuring. ... It control how IE deals with "Authentication: ... when you put IIS6 in a domain and have "Integrated Windows Authentication" ...
      (microsoft.public.windows.server.security)