Re: Logging into website - remove log in box
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 06/12/05
- Previous message: Jeff Cochran: "Re: Can't get rid of localstart.asp"
- In reply to: mattastic: "Re: Logging into website - remove log in box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 11 Jun 2005 16:56:02 -0700
FYI: the issue is NOT about removing the login box. The issue is either:
1. you are making IIS require authentication when you do not need it
2. you need the client to auto-authenticate to the web server.
If you have #1, then enable anonymous authentication and disable any other
authentication in IIS. Assuming your anonymous username/password is
correctly configured in IIS, any user should access IIS web pages without
seeing a login box
If you have #2, then you need to configure IIS to require authentication,
disable anonymous authentication, and configure the browser to auto-login
with the current username/password. IIS will challenge for access, but
browser auto-login so no login box shows up.
Re: access to username/password on the server-side
Insecure authentication algorithms like Basic authentication actually sends
over the username:password, so you can retrieve it with AUTH_USER and
AUTH_PASSWORD. Secure authentication methods only send hashes that prove the
remote user knew the password but never sends the password over the
network -- so the server obviously has no way to retrieve the password --
only has the username.
-- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "mattastic" <mattastic@discussions.microsoft.com> wrote in message news:2F570646-DCE7-44C6-8015-093A5CF509DA@microsoft.com... Great thanks John. Is the username and password stored in a session variable or in the browser? Is there a way I can access them? -- www.w00t.biz "Jeff Cochran" wrote: > On Wed, 8 Jun 2005 07:35:05 -0700, mattastic > <mattastic@discussions.microsoft.com> wrote: > > >Hi, > > > >I'm a bit of newbie to networks and IIS. > > > >The users on my network, log in using a novell login box when they boot up > >their pc. > > > >When they open their browser, they have to enter the same username and > >password to log into our intranet. > > > >Is there anyway I can get rid of the login prompt for the browser, and log > >them in automatically using the initial windows login they entered. > > Enable basic authentication, remove anonymous access and add the > intranet to the intranet zone in Internet Explorer. > > Jeff >
- Previous message: Jeff Cochran: "Re: Can't get rid of localstart.asp"
- In reply to: mattastic: "Re: Logging into website - remove log in box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
