Welcome to HostingForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Integrated authentication (NTLM)

  
   Web Hosting Problem Solving Community! (Home) -> IIS RSS
Next:  ASP Process Problem  
Author Message
nospam149

External


Since: Jun 09, 2004
Posts: 1



(Msg. 1) Posted: Wed Jun 09, 2004 5:37 pm
Post subject: Integrated authentication (NTLM)
Archived from groups: microsoft>public>inetserver>iis, others (more info?)
Hi all,

When enabling Integrated auth on a member server is there anyone way of
changing the default domain the member server trys to validate a user
against? By default a memeber server trys to validate the user against its
local security database, not the domain.

This is a problem when a user is logged into a machine which is not a member
of the domain, the user must type in domain_name\Username. The default
domain and Realm settings in IIS seem to have no effect on integrated auth.

thanks for your help.

 >> Stay informed about: Integrated authentication (NTLM) 
Back to top
Login to vote
kenremove

External


Since: Aug 23, 2003
Posts: 3041



(Msg. 2) Posted: Wed Jun 09, 2004 5:54 pm
Post subject: Re: Integrated authentication (NTLM) [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
There is no way you can do this unfortunately. The user must supply
Domain\Username or user@domain

Domain is only for Basic Auth, and Realm is only for Digest Auth. There is
no equivalent for IWA

Cheers
Ken


"john smith" <nospam DeleteThis @nowhere.com> wrote in message
news:eY9vusdTEHA.3616@TK2MSFTNGP11.phx.gbl...
: Hi all,
:
: When enabling Integrated auth on a member server is there anyone way of
: changing the default domain the member server trys to validate a user
: against? By default a memeber server trys to validate the user against
its
: local security database, not the domain.
:
: This is a problem when a user is logged into a machine which is not a
member
: of the domain, the user must type in domain_name\Username. The default
: domain and Realm settings in IIS seem to have no effect on integrated
auth.
:
: thanks for your help.
:
:

 >> Stay informed about: Integrated authentication (NTLM) 
Back to top
Login to vote
user1375

External


Since: Feb 03, 2004
Posts: 423



(Msg. 3) Posted: Wed Jun 09, 2004 5:54 pm
Post subject: Re: Integrated authentication (NTLM) [Login to view extended thread Info.]
Archived from groups: microsoft>public>inetserver>iis (more info?)
John,

It's the truth that there is no way to bypass inputting
domain\username syntax. The essential is Windows integrated
authentication's logon tickets are generated on clients and IIS
cannot modify anything of them(i.e add the domain prefix) but just
pass them to Domain Controller for auth. Therefore, the
authentication will fail without the domain prefix.

On the other side, for Basic auth(ClearText), IIS can attach the
DefaultLogonDomain value into the user credential.

I think you may take a look at the following KB. Check if it's
possible to make all the conditions be matched which let IE
automatically performs the authentication with IIS and no longe
prompts for username\password.

Internet Explorer May Prompt You for a Password
http://support.microsoft.com/?id=258063

Best regards,

WenJun Zhang
Microsoft Online Support
This posting is provided "AS IS" with no warranties, and confers no
rights.
Get Secure! - www.microsoft.com/security
 >> Stay informed about: Integrated authentication (NTLM) 
Back to top
Login to vote
user1375

External


Since: Feb 03, 2004
Posts: 423



(Msg. 4) Posted: Fri Jun 11, 2004 11:50 am
Post subject: Re: Integrated authentication (NTLM) [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Hello John,

I'm just wondering if you have further questions on this issue?

Best regards,

WenJun Zhang
Microsoft Online Support
This posting is provided "AS IS" with no warranties, and confers no
rights.
Get Secure! - www.microsoft.com/security
 >> Stay informed about: Integrated authentication (NTLM) 
Back to top
Login to vote
Display posts from previous:   
   Web Hosting Problem Solving Community! (Home) -> IIS All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]