IIS user authentication

From: Mike Garner (mgarner_at_western.edu)
Date: 10/10/03


Date: Thu, 9 Oct 2003 15:35:44 -0700

I'm tasked with migrating an iPlanet (Sun One) Web Server
to IIS 6.0. We're running a Server 2003 Native mode
Active directory, IIS 6.0 is running on Server 2003
Standard, a member server of the 2003 domain.

One of the features I most liked of the iPlanet product
was the ability to secure directories based upon client
IP, username/password or both. We could tie the
username/password part to any full-blown LDAP (except
A/D, which doesn't store the passwords in LDAP). With
IIS I'd like to replicate this functionality but tie the
user auth to active directory.

I've got the Digest Authentication working.
I also see how to authenticate based upon IP, but how do
I combine them? Here's how I'd like it to work:
1) Client browser requests a page from the protected
directory.
2) If the client is on a given ip(s), they are explicitly
allowed regardless of the user. (Deny all, grant these
ips...)
3) If the client is denied because of IP, I'd like the
user to be prompted for authentication. Using Digest Auth
(I guess..) I'll check those credentials against Active
Directory.
4) For extra credit, I'd like the browser to provide a
single-signon. All our client workstations are WinXP Pro.
If the user is already logged onto the computer, I'd like
it to try the digest auth with the logged in credentials
first...

Is this possible with IIS 6.0? I can do steps 1-3 with
iPlanet (to my LDAP). So far I've only been able to get
IP OR User Auth working but not together in this desired
config.

Any advice or articles you can find would be most
appreciated. Thanks in advance

~Mike
email directly if you'd like:
mgarner@western.edu
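
The decision flow in steps 1-3 above, written out as a small framework-neutral Python sketch (an added example, not part of the original post and not IIS 6.0 configuration): a trusted client address is admitted without a prompt, and any other client gets an RFC 2617 Digest challenge. The allow list, realm, user store and all function names are constructed for illustration; a real deployment would check credentials against its directory instead of the in-memory table.

```python
import hashlib, hmac, ipaddress, re, secrets

REALM = "protected"  # assumed realm name
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed allow list

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()  # MD5 is what RFC 2617 Digest specifies

# Constructed user store: username -> HA1 = MD5(username:realm:password)
USERS = {"alice": md5_hex(f"alice:{REALM}:s3cret")}
ISSUED_NONCES = set()  # nonces handed out and not yet used

def digest_response(ha1, method, uri, nonce, nc, cnonce):
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def build_authorization(user, password, method, uri, nonce):
    """Client side: the header a browser would send in answer to a challenge."""
    nc, cnonce = "00000001", secrets.token_hex(8)
    ha1 = md5_hex(f"{user}:{REALM}:{password}")
    resp = digest_response(ha1, method, uri, nonce, nc, cnonce)
    return (f'Digest username="{user}", realm="{REALM}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc={nc}, cnonce="{cnonce}", response="{resp}"')

def parse_digest(header):
    """Split a Digest header into its key/value fields (quoted or bare values)."""
    if not header or not header.startswith("Digest "):
        return {}
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', header[7:])
    return {key: quoted or bare for key, quoted, bare in pairs}

def authorize(client_ip, method, uri, auth_header=None):
    """Server side. client_ip must be the TCP peer address, never a request header."""
    if any(ipaddress.ip_address(client_ip) in net for net in TRUSTED_NETS):
        return 200, {}, "ip"                      # step 2: trusted address, no prompt
    f = parse_digest(auth_header)
    nonce = f.get("nonce")
    if nonce in ISSUED_NONCES:
        ISSUED_NONCES.discard(nonce)              # single use: a replayed header fails
        ha1 = USERS.get(f.get("username"))
        if ha1 and f.get("uri") == uri and f.get("qop") == "auth":
            want = digest_response(ha1, method, uri, nonce, f.get("nc", ""), f.get("cnonce", ""))
            if hmac.compare_digest(want.encode(), f.get("response", "").encode()):
                return 200, {}, "digest"          # step 3: credentials accepted
    fresh = secrets.token_hex(16)
    ISSUED_NONCES.add(fresh)                      # step 3: prompt for credentials
    challenge = f'Digest realm="{REALM}", qop="auth", nonce="{fresh}"'
    return 401, {"WWW-Authenticate": challenge}, "challenge"
```

Because each nonce is accepted once, every later request from an untrusted address is challenged again; a production server would instead track the `nc` counter per nonce.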


