Re: IIS 5.0 Integrated Authentication always looks locally than to the domian it has joined

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 03/31/04 

Date: Wed, 31 Mar 2004 11:46:25 +1000

"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message
news:c4bs72$4rv17@kcweb01.netnews.att.com...
: "Bernard" <qbernard@hotmail.com.discuss> wrote in message
: news:eRY6uNjFEHA.580@TK2MSFTNGP11.phx.gbl...
: > If it's a DC, of coz it uses the domain,
: > if member server, you need domain\username syntax.
:
: Isn't that Basic authentication? Remember, if Windows Integrated
: is setup correctly you don't get prompted.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

No.

a) There is nothing to configure with Windows Integrated Authentication that
somehow allows you to "avoid being prompted". That is out of the control of
the webserver. It is entirely up to the browser to determine if the current
logged on credentails are passed to the server. Mozilla, for example,
supports IWA (via NTLM v2), and never automatically sends credentials.

b) Regardless of whether you use Basic or IWA, if you *do not supply a
domain*, then IIS will authenticate you against the local accounts database.
On a DC, then this is the domain user accounts database. If a member server,
then the local member server's accounts database. Basic authentication does
provice a mechanism to override this (authenticate to the Domain by default)
but IWA DOES NOT provide this functionality.

Cheers
Ken

Relevant Pages

  • Re: kerberos!
    ... win2003 and winXPPro) is IWA (Integrated Windows Authentication). ... IWA is a mixture of several protocol where the strongest is attempted ... Fall back to weaker protocols ... in NTLMv3 the Password hash is still consistent. ...
    (NT-Bugtraq)
  • Re: IE7 and Companyweb Authentication
    ... Site (Companyweb) when connected to our SBS 2003 server using Remote Web Workplace and Internet Explorer 7. ... When selecting to "Use My Company's Internal Web Site" IE7 users receive a HTTP 500 error stating "The Web Site Can Not Display The Page". ... Investigation of this problem on the web seems to indicate that this is probably due to how IE7 authenticates using Integrated Windows Authentication (IWA). ...
    (microsoft.public.windows.server.sbs)
  • Re: User authorisation
    ... Yes I do get a indows asking for authentication, ... trying different usernames and passwords I've determind ... that the member server only accepts a local logon(on the ...
    (microsoft.public.windows.server.general)
  • Re: Certsrv Page not authenticating with IE
    ... The IIS logfiles are located in ... but what does IWA stand for? ... :>: windows integrated authentication. ... but the registration request will not complete. ...
    (microsoft.public.inetserver.iis.security)
  • Integrated Windows Authentication with ADSI calls on ASP pages
    ... I have a web site that I would like to use Integrated ... Windows Authentication (IWA) to authenticate users. ... with Basic Authentication or Anonymous Access. ...
    (microsoft.public.inetserver.iis.security)