Re: Basic Authentication domains don't work properly
From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 03/30/04
- Next message: Bernard: "Re: IIS5 HTTPS"
- Previous message: Bernard: "Re: favorites"
- In reply to: Ken Schaefer: "Re: Basic Authentication domains don't work properly"
- Next in thread: 3ryon 5utherland: "Re: Basic Authentication domains don't work properly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 30 Mar 2004 17:12:04 +0800
And this is the kb explain the behavior..
INFO: How IIS Authenticates Browser Clients
http://support.microsoft.com/?id=264921
-- Regards, Bernard Cheah http://support.microsoft.com/ http://www.msmvps.com/bernard/ "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message news:Osh9NYfFEHA.4084@TK2MSFTNGP11.phx.gbl... > When the webserver says to the user "you need to authenticate", it lists a > set of acceptable authentication mechanisms configured on the server, in > order from the most prefered (the strongest/most secure) to the least > prefered (the weakest/least secure). > > The browser picks the highest method that it supports. > > So, if the users are using Internet Explorer, then IWA (either Kerberos, or > NTLM v2) will always be used instead of Basic. Only when you turn off IWA > will Basic be used. > > Cheers > Ken > > "3ryon 5utherland" <bryons@home.com> wrote in message > news:b80974e7.0403291508.657b4ec6@posting.google.com... > : Here is my setup: > : Web Server is in DomainAD, which I want all users to authenticate > : against when logging into the web site. Most users are logged into a > : machine using DomainNT, with a few users logged into DomainAD (we're > : in the early stages of an AD migration). > : > : I would like the web site to allow both Integrated Auth (for users who > : are already in DomainAD), and Basic Auth (for users who are still > : logged in to DomainNT). When I turn on Integrated and Basic (pointing > : to DomainAD) the DomainAD people work great, but the DomainNT people > : must type in DomainAD\Username for their login. Just typing in their > : user name does not work, it seems to ignore the hard coded Domain > : value. Most of these users won't be able to remember that. > : > : If I turn off Integrated Auth and just allow Basic Auth it uses the > : value specified in the Domain field, but this causes issues with the > : Search feature in Sharepoint, which is probably not an acceptable > : solution. Is there some reason that Basic Auth ignores the domain > : value it's pointed to when Integrated Auth is also enabled? Is there > : a way to get around it? > >
- Next message: Bernard: "Re: IIS5 HTTPS"
- Previous message: Bernard: "Re: favorites"
- In reply to: Ken Schaefer: "Re: Basic Authentication domains don't work properly"
- Next in thread: 3ryon 5utherland: "Re: Basic Authentication domains don't work properly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
