Re: IIS 6.0: Windows authentication across virtual servers

From: Jims (biz_at_neocasa.net)
Date: 02/25/04

  • Next message: Keith W. McCammon: "Re: Unix/Linux Kerberos authentication to AD 2003" 
    Date: Wed, 25 Feb 2004 10:36:16 -0500

    This may be more of an IE problem than an IIS or asp issue. By default IE
    will only pass user credentials to a web server if it believes the server is
    on the intranet (short name only, example: http://server NOT
    http://server.domain) or if the server/domain is defined as trusted in
    Tools|Security|(select Local Intranet)|Sites|Advanced settings. Typically,
    passing IE a URL with a fully qualified name such as
    http://thedomain.hosting.dkr.dk/ will prevent credentials from being passed
    to the IIS server unless the domain has been explicitly added to the
    intranet security settings specified above. It has nothing to do with
    authentication communication between virtual webs.

    Jim

    "Michael Barrett" <mbiwj001@sneakemail.com> wrote in message
    news:OsFHgAF%23DHA.2404@TK2MSFTNGP11.phx.gbl...
    > >
    > > In your case, you are completely depending on IE "pre-authenticating"
    for
    > > you, so what are example URLs for accessing your WSS and ASP.Net
    > > websites...
    > > because it affects whether IE will "pre-authenticate" for you or not.
    > >
    >
    > I must admit that this is not known territory for me. I appreciate the
    help.
    >
    > Example URL for WSS-site: http://portal.mydomain.dk
    >
    > Example URL for "other" ASP.NET application:
    > http://thedomain.hosting.dkr.dk/application
    >
    > It makes sense to me that even if the two web sites reside on the same
    > physical server, based on the URLs there is no way for IE to know this...
    > Does this mean that I cannot have IE "pre-authenticate"? If not, is there
    a
    > workaround for my problem?
    >
    > --
    > Michael Barrett
    >
    >

  • Next message: Keith W. McCammon: "Re: Unix/Linux Kerberos authentication to AD 2003"

    Relevant Pages

    • [NT] Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise
      ... This patch eliminates a newly discovered vulnerability affecting Internet ... in IIS 4.0 and 5.0, and could likewise be used to overrun heap memory on ... allowing code to be run on the server. ... * Microsoft has long recommended disabling HTR functionality unless there ...
      (Securiteam)
    • Re: Problem with connect computer wizard
      ... Make sure the Windows XP client is pointing to the SBS 2003 server as ... Please collect the IIS metabase and the latest IIS log files further ... This newsgroup only focuses on SBS technical issues. ...
      (microsoft.public.windows.server.sbs)
    • RE: IIS Key pairs (how to export an IIS 4.0 self-issued Root CA a nd import into new IIS 4.0 box)
      ... IIS key to an Intel SSL acelerator ... it issues client certificates to the end users. ... Step I - Installing the New Server ... Install NT SP 3 ONLY ...
      (Focus-Microsoft)
    • Re: SBS 2003 After Service Pack 1 for SBS
      ... we can conclude the SBS 2003 SP1 has been applied ... Please help me collect the IIS metabase to check ... and using server management console to reproduce the problem. ... This newsgroup only focuses on SBS technical issues. ...
      (microsoft.public.windows.server.sbs)
    • FW: Microsoft Security Advisory MS 03-007
      ... am trying to find a vulnerability tester/script and I could test it out ... Department of the Army server that had been compromised and that this ... announcement covers IIS 5.1 but not IIS 6, ... How a Hacker Uses SQL Injection to Steal Your SQL Data! ...
      (Focus-Microsoft)