Re: IIS Integrated Authentication and Windows XP clients problems

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 01/29/05

    Date: Sat, 29 Jan 2005 01:41:29 -0800
    
    

    That value is whatever SSPI gives IIS. SSPI is the security subsystem that
    does the whole Integrated Authentication handshake. Literally, it is a black
    box to IIS, and IIS simply follows the instructions, asking for more info as
    the black box asks, etc, until it says success or failure, at which point
    IIS can call another API to obtain the "user name".

    Personally, I would use AUTH_USER.

    FYI: all your questions actually have very little to do with IIS and a lot
    to do with how overall Windows Security is configured on both the server and
    client since it affects authentication protocol negotiation.

    -- 
    //David
    IIS
    http://blogs.msdn.com/David.Wang
    This posting is provided "AS IS" with no warranties, and confers no rights.
    //
    "Matt" <Matt@discussions.microsoft.com> wrote in message
    news:184BD16C-AAE6-4BF9-BBC3-9A65BBC0EE6D@microsoft.com...
    Thanks for your reply.
    Logging in is fine as user@upn-suffix.
    However, when you use something in ASP such as
    Response.Write(Request.ServerVariables("remote_user")) the output is written
    out as:
    Domain\user@upn-suffix.
    Is this right?
    "Ken Schaefer" wrote:
    > Users need to enter their name as either:
    >
    > Domain\Username
    >     -or-
    > user@upn-suffix (where upn-suffix is a user-principal-name suffix defined in
    > Active Directory - I would check that the user is entering a valid AD
    > upn-suffix)
    >
    > Cheers
    > Ken
    >
    > "Matt" <Matt@discussions.microsoft.com> wrote in message
    > news:D41C4808-1B05-4F35-ADFF-2387B0457B47@microsoft.com...
    > > Hello,
    > > We have a number of intranet sites running on a Win2k IIS5 machine, and we
    > > use Integrated authentication to identify users.  When logging into one of
    > > these sites from a Win2k client, users are presented with a username,
    > > password and domain box.  They enter their username and password and can
    > > leave the domain empty and they are logged in.
    > >
    > > However, from an XP machine (from RTM to SP1 and 2), a username and
    > > password
    > > box appears (no domain).  They enter their username and password, but it
    > > changes the username to fullyqualifieddomain.com\username.  They have to
    > > login using username@mydomain.com.
    > >
    > > Since upgrading the webserver to Win2k SP4, it now sees XP users as
    > > DOMAIN\username@mydomain.com.  The 2k users are unaffected.
    > >
    > > Am I missing something really simple or not doing something right?  Any
    > > suggestions and guidance would be greatly appreciated.
    > >
    > > Many thanks in advance.
    >
    >
    >
    
