Re: W2k3 IIS6 Basic auth over domain

Hi,

When you have mulitple authN mechanisms checked (e.g. IWA *and* Basic), then
the webserver will send back a list of all supported (i.e. enabled)
mechanisms to the client, and the client will select the "strongest" one
that it supports.

So, if you have IWA and Basic enabled, and the client supports IWA, then IWA
will be choosen (e.g. NTLM or Kerberos). Only if the client doesn't
understand/support IWA will Basic be used. So, "yes", you can have both of
them selected, but if the client supports IWA, then it will attempt to use
IWA. With IWA, you need to supply a domain name.

Cheers
Ken


"Anonymous" <none@xxxxxxxx> wrote in message
news:eNtQJBOIGHA.3984@xxxxxxxxxxxxxxxxxxxxxxx
: Hi!
:
: Hi thanks for your reply seames to work!
: I tested what you say and unchecking the Windows Authentication solves the
: problem. The domain isn't required anymore.
:
: So if I understand this correcly I cannot have both Windows Authentication
: and "Basic Authentication" checked. Because then I have to specify the
logon
: domain?
:
: /ULrik
:
:
:
: "Ken Schaefer" <kenREMOVE@xxxxxxxxxxxxxxxxxxxx> skrev i meddelandet
: news:Oz9r9lNIGHA.1032@xxxxxxxxxxxxxxxxxxxxxxx
: > Hi,
: >
: > Do you also have Integrated Windows Authentication checked? If so, the
: > browser is most likely using NTLM or Kerberos authN and the Domain/Realm
: > fields are not relevant to either of those AuthN mechanisms.
: >
: > Cheers
: > Ken
: >
: >
: >
: > "Anonymous" <none@xxxxxxxx> wrote in message
: > news:ew0wz8LIGHA.3700@xxxxxxxxxxxxxxxxxxxxxxx
: > : Hi!
: > :
: > : Im trying to get basic authentication work in IIS6. I have checked the
: > basic
: > : auth box in settings and selected domain and realm but when i try to
: > access
: > : the site I have to specify the username in the DOMAIN\USERNAME format
or
: > : else I'm denied access. I've also tried this on an WinXP workstation
: > with
: > : the same result.
: > : Furthermore I've tried NOT to specify domain and realm (just checked
the
: > : basic auth box), and again specefying username inte the
DOMAIN\USERNAME
: > : format let's one access the site.
: > : What does the domain/realm setting do actually?
: > : Is it possible to autenticate domain users for a IIS site using only
: > : username and password?
: > :
: > : /Ulrik
: > :
: > :
: >
: >
:
:


.

Relevant Pages

  • Re: W2k3 IIS6 Basic auth over domain
    ... > mechanisms to the client, and the client will select the "strongest" one ... > So, if you have IWA and Basic enabled, and the client supports IWA, then ... >:> Do you also have Integrated Windows Authentication checked? ... >:> fields are not relevant to either of those AuthN mechanisms. ...
    (microsoft.public.inetserver.iis.security)
  • Re: IIS 7 Windows Authentication - Setting Default Domain For Remote U
    ... If you select multiple authentication options (e.g. IWA + Basic) then IIS presents then all to the client, and the client selects the most secure one. ...
    (microsoft.public.inetserver.iis.security)
  • Re: AzMan Still the way to go?
    ... Well - you find that much info about IWA in Stefan's book - it is more about the providers. ... The good thing with IWA is, that you turn it on and it just works - you don't need any code. ... I can use windows authentication IIS, and was actually planing on it. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: ASP.net web site authentication
    ... ASPInsider ... > If you want to use IWA, you will need Kerberos delegation as well. ... > "Gareth" wrote in message ... >> Windows authentication'. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • NT4 domain authentication problem
    ... I installed Portal Server 2003. ... Windows Authentication (IWA) is enabled in IIS 6.0. ... We still have NT4 domains. ...
    (microsoft.public.sharepoint.portalserver)
Loading