Re: IIS 5.0 Integrated Authentication always looks locally than to the domian it has joined

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 03/31/04 

Date: Wed, 31 Mar 2004 11:42:50 +1000

"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message
news:c4bscu$4s016@kcweb01.netnews.att.com...
: "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
: news:%23$5DPNlFEHA.2512@TK2MSFTNGP10.phx.gbl...
: > And if your credentials don't work, and you need to manually type them
in,
: > you need to supply the domain name (either as Domain\Username, or as a
: User
: > Principal Name; user@domain). Otherwise IIS assumes you are attempting
to
: > authenticate to the local machine, not the Domain.
:
: Maybe this is the source of confusion - if your credentials *do* work (and
: don't need to type them in) then IIS uses the domain - which is all that
my
: point was.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

IIS only uses the domain if your credentials include the Domain. If I logon
using <machine>\LocalUser, then IIS is not going to "use the domain".

Likewise, if I logon to <Domain1>\User, and IIS is actually in Domain2, then
IIS isn't going to connect to the DCs for Domain2, even though IIS is in
that domain.

IIS does not "automatically logon to the domain". It uses whatever the
client computer sends. IE can send the credentials of the logged on user, or
the user can manually supply them. In neither case is the domain *that IIS
is in* automatically used.

Cheers
Ken

Relevant Pages

  • Re: Active Directory Authentication in IIS 6
    ... I just installed ldp.exe and have no problems using the same credentials ... used in the code to connect and bind. ... settings in IIS, but I am not sure where to look. ... and Integrated Windows Authentication is checked. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: IIS6 - Virtual Directory to URL share, authentication problems.
    ... passing credentials across from webserver -> remote file server ... requires Kerberos (if IIS doesn't have the user's password), ... you won't get automatic logon. ... is that the "secure" authentication mechanisms do ...
    (microsoft.public.inetserver.iis.security)
  • Re: custom page for user credentials?
    ... credentials against the various domains. ... after the user authenticates with IIS handling the SSPI Negotiation. ... possible for IIS6 to link a Passport user account to an AD user account -- ...
    (microsoft.public.inetserver.iis.security)
  • Re: Web Single Sign On
    ... Can Microsoft ISA Server solve such issues? ... current Windows credentials to the server, ... My web application sits on IIS located outside the domain. ... common identity is the user's username used to logon to the domain/active ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: AD queries. Please, prove me being wrong...
    ... If you want to impersonate the authenticated user ... Kerberos delegation in AD to allow the web app to have the rights to ... delegate the user's credentials to AD. ... means that you must ensure that you use IWA auth in IIS and ensure that IWA ...
    (microsoft.public.dotnet.framework.aspnet.security)