Re: IIS 6.0: Windows authentication across virtual servers

From: Michael Barrett (mbiwj001_at_sneakemail.com)
Date: 02/19/04 

Date: Thu, 19 Feb 2004 10:17:41 +0100

Thanks for the answer. Please see my response below.

"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:ez5mdWs9DHA.3648@TK2MSFTNGP11.phx.gbl...
> If you're using Integrated authentication and both servers and users are
> in
> the same (or cross-trusted) domain, there shouldn't be any dialog box as
> IE
> will take care of the auto-logon (unless configured to not do it).

That is what I initially thought too... But apparently it does not work with
our applications.

>
> There is a big difference between IE auto-login and "Pass-thru"
> authentication. The former is pretty implicit since you directly control
> the browser to give authentication. The latter requires the concept of
> "delegation" where you, the user, must delegate to the website (controlled
> by someone else) the ability to act as YOU (and not the website) while
> accessing another website. Delegation is a pretty trusted operation.

Well... When I used the term "pass-thru", I guess I did not know exactly
what it meant ;-)

> So, I'm confused by your terminoligy of "Virtual Server" -- are you
> talking
> about two websites on two different physical servers, or just two
> different
> websites one one physical server.

I should have been more precise on this. I am talking about two different
websites on the same physical server (running Windows Server 2003 as a
domain controller).

>
> WSS and ASP.Net both have custom authentication solutions, and I think
> that
> they are not compatible with each other, so you want to make sure you're
> not
> in that case, too.
>

My thought was that if a user was authenticated on WSS (using IWA), he/she
would not have to enter username and password again when accessing another
website (on the same physical server), which also uses IWA... Does this
sound reasonable or have I overlooked something? 

--
Michael Barrett

Relevant Pages