Re: Authentication prompts with wrong domain

From: "Daniel Crichton" <msnews@xxxxxxxxxxxxxxxx>
Date: Mon, 5 Jan 2009 11:28:14 -0000

David wrote on Wed, 24 Dec 2008 15:40:01 -0800:

We have a Web site for staff use, which we maintain on a Windows 2003
Server (SE, SP2). The Default Web Site properties have Authentication
set as follows: "Enable anonymous access" is unchecked; "Integrated
Windows" and "Basic" authentication are checked, and our AD Windows
domain (call it ourdomain.org) is entered as the Default Domain and
Realm. Seems all OK to me.
Because this Web site is for staff use only, we do not use our primary
organization's domain name as the URL; instead we have set up
www.specialdomain.org to point to this server.
When our users browse to our Web site from the Internet (i.e. not
within our
LAN) they are invited to log on, and they can log on with their full
email address ("user@xxxxxxxxxxxxx" and their regular Windows logon
password. BUT if they don't get it right the first time, they are
"prompted" with the username "user@xxxxxxxxxxxxxxxxx", which is dead
wrong. Of course, staff are inclined to accept whatever is filled in
for them, so they try repeatedly to log on with this impossible
username.
Is there any way within IIS to control what appears as the prompt to
folks attempting to log on?
Failing that, can anybody suggest any way to help my users avoid this
trap?
Thanks, and happy holidays!

I think what appears in the login dialog is generated by the browser, and
I'm guessing you're using IE so there's nothing you can do to change this
other than to change the URL the users go to from www.specialdomain.org to
www.ourdomain.org as IE will use the current URL being requested to generate
the entry in the dialog.

The Domain and Realm I think are only used for Basic Authentication (been a
long time since I had to set up a site using authentication as all the sites
I dev/run are public ones with the user restricted areas using custom forms
based auth against a database). You might find these are used if you disable
Integrated Authentication, but then you lose the advantages that option
gives you.

--
Dan

.

Prev by Date: IIS authentication (kerberos and Integrated security)
Next by Date: Managing IP restrictions in IIS 6.0 - nightmare!
Previous by thread: IIS authentication (kerberos and Integrated security)
Next by thread: Managing IP restrictions in IIS 6.0 - nightmare!
Index(es):
- Date
- Thread

Relevant Pages

RE: Beginners Questions
... We do use Windows form on the presentation layer which is on ... terminal server and call web services on the business logic side. ... of using "proxy" authentication on SQL Server. ... > I have written an app with a Windows Forms UI that is deployed to clients ...
(microsoft.public.dotnet.distributed_apps)
Re: Need help configuring Wireless Connection profile
... and I can only use the intel OR windows utility, not both at the same time. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
(microsoft.public.windowsxp.general)
Re: EAP-TLS with windows CE
... The AP was sending out an Identity Request every second, ... request to the identification server. ... When the server asks the Windows CE device to identify itself, ... I could easily steal your authentication information. ...
(microsoft.public.windowsce.platbuilder)
Re: server authentication & ASP authentication
... on to the client workstation with an authorized Windows account. ... SQL Server with Windows authentication. ...
(microsoft.public.sqlserver.security)
Re: ADFS Development Issues
... site to be automatically authenticated by our windows application so ... based on redirects and possibly uses forms-based authentication to collect ... web service proxies don't handle this type of thing ... the server based on how it needs to work. ...
(microsoft.public.windows.server.active_directory)