Integrated Windows Authentication and Domain prefix on popup

Hello,

first of all... "sorry in advance" I come from the development world and
I'm not quite good at the admin. Jargon :-).

In the web application that we have we are using "Integrated Windows
Authentication", what it happens for users that want to authenticate from
outside the domain is that they have to enter as domain preffix in the IE
connect to popup, e.g.:

MyDomain\MyLogin

I have seen that some sites just workaround this and is not needed to enter
the bloody domaind prefix (the users of my web application are used to enter
that login without the prefix :-( ).

Is there any way to configure this? (jejej I was looking for a check box
"By default add programmaticaly the default domain prefix :P).

Thanks in advance, regards
Braulio

Re: Integrated Windows Authentication and Domain prefix on popup

"Braulio Diez" wrote in message
news:11B68770-C2DC-461B-A708-CBAA9A0ABB75@microsoft.com...
> Hello,
>
> first of all... "sorry in advance" I come from the development world and
> I'm not quite good at the admin. Jargon :-).
>
> In the web application that we have we are using "Integrated Windows
> Authentication", what it happens for users that want to authenticate from
> outside the domain is that they have to enter as domain preffix in the IE
> connect to popup, e.g.:
>
> MyDomain\MyLogin
>
> I have seen that some sites just workaround this and is not needed to
> enter
> the bloody domaind prefix (the users of my web application are used to
> enter
> that login without the prefix :-( ).
>
> Is there any way to configure this? (jejej I was looking for a check box
> "By default add programmaticaly the default domain prefix :P).
>
> Thanks in advance, regards
> Braulio
>

Not that I am aware of for Windows Integrated auth.
If you enabled plain text then yes, as then IIS has a chance to
edit what they send and insert the domain\ prefix, but with
Windows Integrated it does not have at any time the sting
"username" to adorn before the auth methods.

Roger

Re: Integrated Windows Authentication and Domain prefix on popup

Thanks for the info,

At least is good to know that is not possible :-)

I have a lot of non techie clients that always complain about that.. "Why
the hell I have to write this stupid prefix.."






"Roger Abell [MVP]" wrote:

> "Braulio Diez" wrote in message
> news:11B68770-C2DC-461B-A708-CBAA9A0ABB75@microsoft.com...
> > Hello,
> >
> > first of all... "sorry in advance" I come from the development world and
> > I'm not quite good at the admin. Jargon :-).
> >
> > In the web application that we have we are using "Integrated Windows
> > Authentication", what it happens for users that want to authenticate from
> > outside the domain is that they have to enter as domain preffix in the IE
> > connect to popup, e.g.:
> >
> > MyDomain\MyLogin
> >
> > I have seen that some sites just workaround this and is not needed to
> > enter
> > the bloody domaind prefix (the users of my web application are used to
> > enter
> > that login without the prefix :-( ).
> >
> > Is there any way to configure this? (jejej I was looking for a check box
> > "By default add programmaticaly the default domain prefix :P).
> >
> > Thanks in advance, regards
> > Braulio
> >
>
> Not that I am aware of for Windows Integrated auth.
> If you enabled plain text then yes, as then IIS has a chance to
> edit what they send and insert the domain\ prefix, but with
> Windows Integrated it does not have at any time the sting
> "username" to adorn before the auth methods.
>
> Roger
>
>
>

Re: Integrated Windows Authentication and Domain prefix on popup

You need the domain prefix for a wide variety of security reasons. And
for the same security reasons, one cannot "prefix" or otherwise modify
the user principal prior to credential validation -- so you have to
give both domain and username in some form. Unfortunately, most
clients' eyes glaze over by the time one goes through the reasons. ;-)

Now, you can enable UPN and those non-techie clients can enter
username@domain.com instead of remembering a "domain prefix". I think
it is a reasonable solution since most websites seem to use either
username or username@domain.com and people seem ok with remembering
it.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//





On Apr 29, 11:20 pm, Braulio Diez wrote:
> Thanks for the info,
>
> At least is good to know that is not possible :-)
>
> I have a lot of non techie clients that always complain about that.. "Why
> the hell I have to write this stupid prefix.."
>
>
>
> "Roger Abell [MVP]" wrote:
> > "Braulio Diez" wrote in message
> >news:11B68770-C2DC-461B-A708-CBAA9A0ABB75@microsoft.com...
> > > Hello,
>
> > > first of all... "sorry in advance" I come from the development world and
> > > I'm not quite good at the admin. Jargon :-).
>
> > > In the web application that we have we are using "Integrated Windows
> > > Authentication", what it happens for users that want to authenticate from
> > > outside the domain is that they have to enter as domain preffix in the IE
> > > connect to popup, e.g.:
>
> > > MyDomain\MyLogin
>
> > > I have seen that some sites just workaround this and is not needed to
> > > enter
> > > the bloody domaind prefix (the users of my web application are used to
> > > enter
> > > that login without the prefix :-( ).
>
> > > Is there any way to configure this? (jejej I was looking for a check box
> > > "By default add programmaticaly the default domain prefix :P).
>
> > > Thanks in advance, regards
> > > Braulio
>
> > Not that I am aware of for Windows Integrated auth.
> > If you enabled plain text then yes, as then IIS has a chance to
> > edit what they send and insert the domain\ prefix, but with
> > Windows Integrated it does not have at any time the sting
> > "username" to adorn before the auth methods.
>
> > Roger- Hide quoted text -
>
> - Show quoted text -

Re: Integrated Windows Authentication and Domain prefix on popup

>> outside the domain is that they have to enter as domain preffix in the IE
>> connect to popup, e.g.:
>>
>> MyDomain\MyLogin
>>
>> I have seen that some sites just workaround this and is not needed to
>> enter
>> the bloody domaind prefix (the users of my web application are used to
>> enter
>> that login without the prefix :-( ).
>>
>> Is there any way to configure this? (jejej I was looking for a check box
>> "By default add programmaticaly the default domain prefix :P).
>>
>> Thanks in advance, regards
>> Braulio
>>
>
>Not that I am aware of for Windows Integrated auth.
>If you enabled plain text then yes, as then IIS has a chance to
>edit what they send and insert the domain\ prefix, but with
>Windows Integrated it does not have at any time the sting
>"username" to adorn before the auth methods.
>
>Roger


Then what is the function of DefaultLogonDomain ? I see many
references to using it for FTP access, why not for web access?

Brent