Re: what difference between Integrated Windows Authentication in IIS configuration and Active Directory

From: Di (dyw55a_at_yahoo.com)
Date: 01/30/05 

Date: 29 Jan 2005 20:27:52 -0800

Again, Ken - thanks for reply.

> 1. If web server (windows 2000) is in the same domain as A­ctive
> Directory, then you use IWA to authenticate username/passw­ord and
> doamin is actually using AD, right?

No - IWA is just a way of getting the credentials from clien­t (eg
browser)
to server (IIS)

If user enters Domain\Username then you will attempt to auth­enticate
against
AD
If user enters Machine\Username then you will attempt to aut­henticate

against the local accounts database on IIS

Di: What happen if you only let user enter username instead of Domain
or Machine before the username? I assume when you check IWA, then it
automatically attempt to authenticate against AD. If it failed, then
authenticate against the database on IIS, right?

> 2. If web server is in the different domain from AD, then ­you use
IWA
> means you authenticate the username/paswword and domain th­rough
> whereever domain the web server locate and you could not r­eally use
AD,
> right?

I'm not sure I understand what you are saying here. Are you ­talking
about an
NT domain? All other domains (Windows 2000, Windows 2003) in­volve
Active
Directory. You can't have a Windows 2000/2003 domain without­ AD. If
you have
an NT domain -and- you have a trust relationship between the­ NT
domain and
AD domain, then you can use ADDomain\User or NTDomain\User

Di, Does Windows 2000 web server had to involve AD? I am sorry that
this must happen and it could not exist in some domain outside of AD
... ...

BTY, do you know what schema AD have and what the detail size or data
type for those AD attribute, such as First Name, Last Name, phone
number, etc? How hard to run complex query based on AD?
Thanks you very much for your help!

Relevant Pages

  • Re: Smartcard authentication in a multi-tier application
    ... side where the user enters the username and password and on the server ... implementation as we need the domain username and password of the PIN- ... since SC authentication on the Windows client results in a Kerberos ... ticket which can then be used to authenticate to the server. ...
    (microsoft.public.platformsdk.security)
  • Re: Dial up, how to authenticate to workplace corp network ?
    ... Windows server, this username is only used to authenticate the connection. ...
    (microsoft.public.windows.server.networking)
  • Re: Authentication question
    ... When a user connects to my ASP .NET app and provides it Windows credentials ... > For extract username you must enable ONLY windows autentication from iis ... >> to authenticate them using their current windows usernames and passwords. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: what difference between Integrated Windows Authentication in IIS configuration and Active Direct
    ... No - IWA is just a way of getting the credentials from client ... If user enters Domain\Username then you will attempt to authenticate against ... All other domains (Windows 2000, ...
    (microsoft.public.inetserver.iis.security)
  • Authenticating a Windows XP workstation to a 2000 Server
    ... I have a windows 2000 serve Sp4 with Active Directory. ... authenticate a windows XP workstation to the domain, I receive the username ... I am using the administrator account to authenticate. ...
    (microsoft.public.windows.server.networking)