Re: IIS Authentication
From: Desmond Lam [msft] (deslam_at_online.microsoft.com)
Date: 09/22/03
- Next message: Paul Lynch: "Re: Please read"
- Previous message: Desmond Lam [msft]: "Re: Integrated security with domain accounts"
- In reply to: Dave Robinson: "Re: IIS Authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 22 Sep 2003 17:15:25 +0800
Hi Dave,
Are you accessing the website using http://computername/ or
http://some.fqdn.address ?
If you are using the latter, and if your browser is configured with proxy,
make sure you add the fdqn address in the bypass proxy list. If the IE is
not configure to use any proxy, you can workaround the problem by adding a
dummy proxy entry and then add the fqdn address in the bypass list.
With regards to logon auditing issye, there are 2 KBs which I beleive is
useful to you. I have provide the links to the articles below:
HOW TO: Enable IIS Logging Site Activity in Windows 2000
http://support.microsoft.com/?id=300390
HOW TO: Enable and Apply Security Auditing in Windows 2000
http://support.microsoft.com/?id=300549
Hope it helps,
Desmond
"Dave Robinson" <drobinson@endtoend.com> wrote in message
news:de1cc84c.0309190606.3d7cfc2f@posting.google.com...
> > > 2. I've tried checking only Integrated Authentication. I'm logged
> > > into the domain. When I access the page, I'm prompted again. In this
> > > scenario, I thought Kerberos should transparently authenticate me as
> > > long as I'm logged in.
> > >
> >
> > [Desmond] Yes it should be if you are already logon to the domain.
> > Integrated authentication in W2K environment includes Kerberos
(preferred)
> > and NTLM. Write a simple HTML webpage and test if the prompt comes out
> > again.
> >
> > > In either scenario, I don't see any errors in my event logs on either
> > > the AD controller, the IIS server, or my workstation. Any ideas?
> >
> > [Desmond] Did you enable auditing on "Account Logon" and "Logon Events"
on
> > the domain and domain controller security policy?
>
> Thanks for the reply Desmond, I've got Account Logon and Logon Events
> turned on both the IIS box and the AD box. I've also written a simple
> page for testing things. Whenever I go to this page, I get prompted.
> Once I login, things are fine, and I don't get prompted to go to other
> pages.
>
> The trouble is, I am getting prompted the first time. Once the prompt
> happens, I suspect that I have failed some sort of domain login
> verification and IIS is falling back to prompting me for
> authentication. In other words, IIS tried to determine whether or not
> I was logged onto the domain, and was either unsuccessful, or found
> that I was not logged in. I know I'm logged in, as all other domain
> functions work - including my login script running at the time of
> login. I must then suspect that for some reason, IIS was
> unsuccessfull in making any determination as to whether I was loggin
> or not. This is the error I thought I would see in an event log as
> some kind of Kerberos error (?) or something. How can I tell why this
> is failing on me?
- Next message: Paul Lynch: "Re: Please read"
- Previous message: Desmond Lam [msft]: "Re: Integrated security with domain accounts"
- In reply to: Dave Robinson: "Re: IIS Authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
