Requiring Logon

We have many users that share computers. The computers are logged on using a
generic user account so that certain apps can continue to run and be
available all day.

We have a particular web site that requires Windows Integrated
authentication whereas all the others on the web server can use Basic
authentication.

We need users to log into the web site because it has data that is
user-specific.

Do you have any ideas on how we could have the Windows Integrated
authentication turned on but still require logon at the website?

Thanks
--
Charles Allen, MVP

Re: Requiring Logon

On Nov 26, 3:19 pm, Charles Allen wrote:
> We have many users that share computers. The computers are logged on using a
> generic user account so that certain apps can continue to run and be
> available all day.
>
> We have a particular web site that requires Windows Integrated
> authentication whereas all the others on the web server can use Basic
> authentication.
>
> We need users to log into the web site because it has data that is
> user-specific.
>
> Do you have any ideas on how we could have the Windows Integrated
> authentication turned on but still require logon at the website?
>
> Thanks
> --
> Charles Allen, MVP



Personally, I question the security of such an arrangement. If
multiple users share the same Windows login, what prevents one of the
users from planting software to steal and impersonate another user?

Assuming you are ok with the security concerns, then I think that what
you want to do should just work by default if the generic user account
does NOT have permissions to the website that requires Windows
Integrated authentication. I'm assuming the website is Intranet and
without dots in the name (i.e. http://localSite and not http://local.Site).

In such a situation, you can configure localSite to be in the Intranet
zone, and then configure IE to always prompt for username:password
(i.e. never auto-login) for those sites. You don't need to use Basic
authentication to force user login dialog, and it works with Windows
Integrated as well.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

Re: Requiring Logon

Hello, Charles Allen!
You wrote on Mon, 26 Nov 2007 15:19:01 -0800:

CA> We have many users that share computers. The computers are logged on using a
CA> generic user account so that certain apps can continue to run and be
CA> available all day.

CA> We have a particular web site that requires Windows Integrated
CA> authentication whereas all the others on the web server can use Basic
CA> authentication.

CA> We need users to log into the web site because it has data that is
CA> user-specific.

CA> Do you have any ideas on how we could have the Windows Integrated
CA> authentication turned on but still require logon at the website?

Probably it will be helpful to disable access to directory (on NTFS level) for this
generic user and enable it for all specific users.

CA> Thanks
CA> --
CA> Charles Allen, MVP


Georgy