Re: Basic Authentication domains don't work properly
From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 03/30/04
- Previous message: Ken Schaefer: "Re: IIS 5.0 Integrated Authentication always looks locally than to the domian it has joined"
- In reply to: 3ryon 5utherland: "Basic Authentication domains don't work properly"
- Next in thread: Bernard: "Re: Basic Authentication domains don't work properly"
- Reply: Bernard: "Re: Basic Authentication domains don't work properly"
- Reply: 3ryon 5utherland: "Re: Basic Authentication domains don't work properly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 30 Mar 2004 11:26:39 +1000
When the webserver says to the user "you need to authenticate", it lists a
set of acceptable authentication mechanisms configured on the server, in
order from the most prefered (the strongest/most secure) to the least
prefered (the weakest/least secure).
The browser picks the highest method that it supports.
So, if the users are using Internet Explorer, then IWA (either Kerberos, or
NTLM v2) will always be used instead of Basic. Only when you turn off IWA
will Basic be used.
Cheers
Ken
"3ryon 5utherland" <bryons@home.com> wrote in message
news:b80974e7.0403291508.657b4ec6@posting.google.com...
: Here is my setup:
: Web Server is in DomainAD, which I want all users to authenticate
: against when logging into the web site. Most users are logged into a
: machine using DomainNT, with a few users logged into DomainAD (we're
: in the early stages of an AD migration).
:
: I would like the web site to allow both Integrated Auth (for users who
: are already in DomainAD), and Basic Auth (for users who are still
: logged in to DomainNT). When I turn on Integrated and Basic (pointing
: to DomainAD) the DomainAD people work great, but the DomainNT people
: must type in DomainAD\Username for their login. Just typing in their
: user name does not work, it seems to ignore the hard coded Domain
: value. Most of these users won't be able to remember that.
:
: If I turn off Integrated Auth and just allow Basic Auth it uses the
: value specified in the Domain field, but this causes issues with the
: Search feature in Sharepoint, which is probably not an acceptable
: solution. Is there some reason that Basic Auth ignores the domain
: value it's pointed to when Integrated Auth is also enabled? Is there
: a way to get around it?
- Previous message: Ken Schaefer: "Re: IIS 5.0 Integrated Authentication always looks locally than to the domian it has joined"
- In reply to: 3ryon 5utherland: "Basic Authentication domains don't work properly"
- Next in thread: Bernard: "Re: Basic Authentication domains don't work properly"
- Reply: Bernard: "Re: Basic Authentication domains don't work properly"
- Reply: 3ryon 5utherland: "Re: Basic Authentication domains don't work properly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
