Re: KB 834489 - workarround

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 08/21/05

Next message: David Wang [Msft]: "Re: Use of Client Certificates"
Previous message: David Wang [Msft]: "Re: ASPX form Uploads a file even without IIS Write permission"
In reply to: Ran Davidovitz: "Re: KB 834489 - workarround"
Next in thread: Ran Davidovitz: "Re: KB 834489 - workarround"
Reply: Ran Davidovitz: "Re: KB 834489 - workarround"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 21 Aug 2005 01:14:10 -0700

Browse through some of my blog entries to understand more about what you are
trying to do and why things work the way they do.

http://blogs.msdn.com/david.wang/archive/2005/07/06/SSO_ISAPI_Considerations_2.aspx

Based on what you have said, I think the simplest solution is to have two
websites, both pointing to the same content:
1. Intranet website uses Integrated authentication
2. Internet-facing website uses Basic+SSL

>From home without VPN, Employees sign on using Basic over SSL and the
browser is instructed to "trust" and auto-authenticate to the
Internet-facing website. From work, Employees are already logged in and just
work.

-- 
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Ran Davidovitz" <ran.davidovitz@verint.com> wrote in message
news:ebteOchpFHA.2580@TK2MSFTNGP09.phx.gbl...
What we are trying to achieve is a single-sign on mecahnism.
Our customer has a broadvision portal on the internet and he would like his
employees
to be able to get to our server through the portal from home. (without VPN)
His employees log into the portal and through there they can get to many
applications
so it is a business requirement to implement SSO (single sign on).
our server is based on iis and which needs to get the credentials in one way
or the other
in order to validate the user and authenticate him.
"Ran Davidovitz" <RanDavidovitz@discussions.microsoft.com> wrote in message
news:DB88F3C3-31AE-482F-8D9A-76BC645B8B74@microsoft.com...
> The customer used basic authentication, he cannot use integrated.
> I don't want him to authenticate using a form.
>
> I don't want the user to type his auth (I want to simulate "SSO") - The
> main
> requirement is not to write credential again.
>
> And the workaround is not clear enough (I have looked at it with some
> developers).
>
> Thank you for your response but it didnt help me yet :)
>
> "David Wang [Msft]" wrote:
>
>> Can you clarify what is confusing you from KB834489
>>
>> I don't know how your authentication is configured and why your customer
>> is
>> passing username/password using the URL, so I cannot make a
>> recommendation
>> on how you can "support this issue (without updating the client side
>> registry)".
>>
>> Why are the workarounds from the KB insufficient? Why can't your user
>> just
>> type in username/password when prompted instead of having to type it into
>> the URL request itself?
>>
>> -- 
>> //David
>> IIS
>> http://blogs.msdn.com/David.Wang
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>> //
>> "Ran Davidovitz" <RanDavidovitz@discussions.microsoft.com> wrote in
>> message
>> news:A23D4555-1DCF-4D83-A165-FD8C9569599A@microsoft.com...
>> Hi.
>>
>> I have a customer that until today passed his username / password using
>> the
>> URL (using basic authentication).
>>
>> After reading KB 834489 I see that this behavior is not supported any
>> more.
>>
>> I dont understand what is the workarround described in KB 834489.
>> I want to know if there is another way that i can support this issue
>> (without updating the client side registry).
>>
>> * what ever solution i will do I must support intergrated security also.
>>
>>
>>

Next message: David Wang [Msft]: "Re: Use of Client Certificates"
Previous message: David Wang [Msft]: "Re: ASPX form Uploads a file even without IIS Write permission"
In reply to: Ran Davidovitz: "Re: KB 834489 - workarround"
Next in thread: Ran Davidovitz: "Re: KB 834489 - workarround"
Reply: Ran Davidovitz: "Re: KB 834489 - workarround"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: KB 834489 - workarround
... I don't know how your authentication is configured and why your customer is ... passing username/password using the URL, so I cannot make a recommendation ... I want to know if there is another way that i can support this issue ...
(microsoft.public.inetserver.iis.security)
Re: Windows Integrated and the domain name
... Both NTLM and Kerberos authentication require the full realm and username - that's unfortunately the way both of those two protocols work. ... for a direct integrated windows authentication ... Microsoft Online Community Support ...
(microsoft.public.inetserver.iis.security)
RE: How to Authenticate to WCF Service Via VPN
... \par Microsoft MSDN Online Support Lead ... He launches Cisco Systems VPN Client and authenticates as ... \par> includes the service account identity as a user principal name. ... \par> mutual authentication is assumed. ...
(microsoft.public.dotnet.framework.webservices)
SEC:U MIT-MAGIC-COOKIE-1, Motif 1.3 and HP TCP/IP XDM (long)
... I am not really wishing to start a "this is typical of DEC/CPQ/HP OpenVMS ... goes unspecified in this forum) requires the support of MIT-MAGIC-COOKIE-1. ... It is also a "policy" that such such an authentication scheme ... > to be absent is tantamount to illuminating a neon sign over VMS saying ...
(comp.os.vms)
RE: Transferring membership parameters
... one local app that you have API access for the authentication ... NET) to perform programmtic login or user registering. ... Microsoft MSDN Online Support Lead ... I have a client who wants a solution for the following problem. ...
(microsoft.public.dotnet.general)