Re: Windows Integrated Authentiction and IIS 6

From: D (anonymous_at_discussions.microsoft.com)
Date: 01/11/05 

Date: Tue, 11 Jan 2005 11:02:59 -0800

Thanks for the reply Tom.

I have seen that KB article. We have set up the site as a
Local Intranet Zone and the Automatic logon only in
Intranet zone is enabled, yet we find that behavior is
inconsistent. At times, the user still gets prompted for a
network login.

Would the fact that we are using SSL on this site make any
difference?

>-----Original Message-----
>"D" <anonymous@discussions.microsoft.com> wrote in message
>news:13bc01c4f2a1$55076160$a301280a@phx.gbl...
>> We are running IIS 6 on a Windows 2003 server. When
>> authentication is set to Windows Integrated, the user
>> always gets prompted with a network logon dialog as
though
>> authentication was set to Basic. After re-entering the
>> user name and password, they are allowed through to the
>> application.
>>
>> Using Basic or Anonymous authentication works properly.
We
>> have set appropriate access rights on the physical
>> directory so that should not be a problem.
>>
>> On a Windows 2000 server, Integrated authentication
works
>> as advertised, where the user gets authenicated against
>> their existing login and is passed through without an
>> additional prompt.
>>
>> Are their any additional settings one has to modify to
get
>> Integrated to work?
>
>It's an IE issue:
>http://support.microsoft.com/default.aspx?scid=kb;en-
us;258063
>
>
>.
>

Relevant Pages

  • Re: IIS Directory Security Settings
    ... the default settings is 'auto login for intranet zone'. ... you server belong to this zone it will not prompt you. ... in the user authentication section. ...
    (microsoft.public.inetserver.iis.security)
  • Re: authentication - what is being used
    ... >understand authentication. ... >settings in IE from which one might choose Anonymous, Automatic logon only ... >authentication settings are. ... >that they have Automatic logon only in Intranet zone. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: How to deny access to domain shares from a workgroup computer
    ... If I take the example of Internet Explorer pass-through authentication: ... the authentication process is identical whether I am prompted and enter credentials, or whether my logged in credentials are passed-through ... It is just an authentication based on username and password; and authentication protocol designed to make it hard to intercept or decipher the authentication in transit; and a convenience mechanism for passing through under certain circumstances without an explicit prompt. ... By adding a prefix he is really saying "this version rather than that version of my account". ...
    (microsoft.public.windows.server.security)
  • Re: How to deny access to domain shares from a workgroup computer
    ... It makes sense to me, now that you clearly state it, that there is no need to trust the machine where the authentication is coming from. ... If he truly knew nothing about the domain, it is somewhat unlikely for him to have a local account whose name matches that of a domain account, although this is possible. ... user name and password sufficient credentials, ... It is just an authentication based on username and password; and authentication protocol designed to make it hard to intercept or decipher the authentication in transit; and a convenience mechanism for passing through under certain circumstances without an explicit prompt. ...
    (microsoft.public.windows.server.security)
  • Re: How to deny access to domain shares from a workgroup computer
    ... sufficient credentials, then it's fine. ... There isn't really any level of trust involved. ... If I take the example of Internet Explorer pass-through authentication: ... I think what you are describing is some changes in Prompt behaviour. ...
    (microsoft.public.windows.server.security)
Quantcast