Re: Authenticate against all trusted domains... in IIS 6?
From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 10/15/04
- Next message: tec-jon: "Re: Authenticate against all trusted domains... in IIS 6?"
- Previous message: tec-jon: "Re: Authenticate against all trusted domains... in IIS 6?"
- In reply to: tec-jon: "Re: Authenticate against all trusted domains... in IIS 6?"
- Next in thread: tec-jon: "Re: Authenticate against all trusted domains... in IIS 6?"
- Reply: tec-jon: "Re: Authenticate against all trusted domains... in IIS 6?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 15 Oct 2004 10:41:35 +1000
That's not a particularly good way of doing it - what if you have lots of
domains? Or it takes a long time for 1 domain to reply?
The better solution is for users to authentication using user@domain or
domain\user (because that's what their credentials really are).
Cheers
Ken
"tec-jon" <tecjon@discussions.microsoft.com> wrote in message
news:0A0C2838-B840-4A90-AC6D-1775141DFAE2@microsoft.com...
> Seems like they could attempt to authenticate against all domains
> regardless
> of identical usernames. They would have to recieve a failure from all
> domains
> before the request would be failed. That way, if you had to users with the
> name "tom", one in each domain, it would try tom in the first domain and
> fail, but still try the second.
>
> Anyway, thanks for the link. I got the hotfix and it seems to work great.
>
> "Ken Schaefer" wrote:
>
>> You can call Microsoft for the hotfix mentioned in:
>> http://support.microsoft.com/kb/827991
>>
>> This functionality was removed because it caused problems in some cases
>> where there were user accounts in multiple domains that had the same
>> username (ie domain1\user and domain2\user). Because IIS doesn't know
>> which
>> domain the account is from, it needs to rely on the messages coming back
>> from the various DCs, and sometimes you'd get an access denied because
>> the
>> credentials weren't valid in one domain, but might have been valid in
>> another, however the DC from the first domain replied first (I think
>> that's
>> what the problem was...)
>>
>> Cheers
>> Ken
>>
>> "tec-jon" <tec-jon@discussions.microsoft.com> wrote in message
>> news:3846FB6E-5026-437C-B8F5-61130472785C@microsoft.com...
>> >I have a parent/child domain that I would like to have a basic
>> >authentication
>> > website on. They are both 2003 native domains. We would like our users
>> > to
>> > not
>> > have to use UPN or domain\user login formats. We have done a bit of
>> > research
>> > and came across the following article:
>> > http://support.microsoft.com/default.aspx?scid=kb;en-us;168908
>> > This would work great!... except that it makes no mention of IIS 6, and
>> > attempting the same procedure as IIS 5 doesn't seem to work in 6. Has
>> > Microsoft taken this extremely useful functionality away? Or have they
>> > just
>> > not written anything down on how to do it with 6 yet?
>>
>>
>>
- Next message: tec-jon: "Re: Authenticate against all trusted domains... in IIS 6?"
- Previous message: tec-jon: "Re: Authenticate against all trusted domains... in IIS 6?"
- In reply to: tec-jon: "Re: Authenticate against all trusted domains... in IIS 6?"
- Next in thread: tec-jon: "Re: Authenticate against all trusted domains... in IIS 6?"
- Reply: tec-jon: "Re: Authenticate against all trusted domains... in IIS 6?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
