Maintain logon information between website

Maintain logon information between website

am 16.11.2007 15:51:09 von Omko

Hello,

I am running an iis 6 webserver.
I have configured 2 websites. One is a sharepoint site, the other is a
standard website (plain html).

both sites allow only on SSL access.
both sites don't allow anonymous connections.
both sites have intergrated windows authentication and basic
authentication enabled.
both sites run on the same webserver

I want to achieve that when I am logged in at one site and I go to the
other site (in the same browser) I am logged in automatically.
At the moment I have to login to both sites, which is very user-
unfriendly.

I hope someone can help...

Re: Maintain logon information between website

am 17.11.2007 12:57:41 von David Wang

On Nov 16, 6:51 am, Omko wrote:
> Hello,
>
> I am running an iis 6 webserver.
> I have configured 2 websites. One is a sharepoint site, the other is a
> standard website (plain html).
>
> both sites allow only on SSL access.
> both sites don't allow anonymous connections.
> both sites have intergrated windows authentication and basic
> authentication enabled.
> both sites run on the same webserver
>
> I want to achieve that when I am logged in at one site and I go to the
> other site (in the same browser) I am logged in automatically.
> At the moment I have to login to both sites, which is very user-
> unfriendly.
>
> I hope someone can help...


What you want to achieve is actually very insecure and poor form of
security, even though it is "user-friendly". This is a classic
tradeoff between security and user-friendliness that you need to make.

With Windows Integrated Authentication, the browser will automatically
login to websites that it is allowed to auto-login. Thus, you should
never need to manually login to both sites, unless you have failed to
configure the browser to auto-login.

What are the full hostnames of your websites. If they contain
"dots" (i.e www.domain.com), then you need to configure the browser to
treat them as "trusted" and auto-login.

Otherwise, you need the server's to "share" authentication, which is
possible but a more complicated procedure due to its sensitive
security nature. You don't just make one site trust login of another
-- that is insecure.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//