IIS Authentication Question

IIS Authentication Question

am 27.11.2007 18:08:04 von BishopZ

I'm new to IIS and had a few questions regarding the Authentication methods
provided by IIS. I have a web server joined to Active Directory and want
authentication for users that exist in AD. However, I don't want them to have
to put in domain\username and password. Is there a way that I can get rid of
the domain part and have the users just put in their usernames? I think
removing the web server from the domain will accomplish this but it needs to
be on SSL and the certificate is coming from the domain controller.

Any help will be greatly appreciated!

Re: IIS Authentication Question

am 27.11.2007 22:35:27 von Kristofer Gafvert

Hello,

If you use Basic Authentication (clear text) you can set the
DefaultLogonDomain metabase property to the default domain, and this will
not require your users to use domain\username. See link below.

But for Integrated Authentication, this is not possible. The logon ticket is
generated on the client, and IIS cannot in any way modify it on its way to
the Domain Controller. This means that IIS cannot attach the domain-part,
hence the user is required to specify the domain.

If the client and web server is joined to the same domain Internet Explorer
should automatically log on the user, without asking for username and
password. You may want to check this KB Article to make sure the
requirements are full-filled.

"Internet Explorer May Prompt You for a Password"
http://support.microsoft.com/kb/258063/en-us

"Setting the Default Logon Domain (IIS 6.0)"
http://www.microsoft.com/technet/prodtechnol/WindowsServer20 03/Library/IIS/c2cfb57c-a574-4a7b-b91b-49fddb9ad4c8.mspx?mfr =true

--
Regards,
Kristofer Gafvert
http://www.gafvert.info/iis/ - IIS Related Info


"BishopZ" skrev i meddelandet
news:B2473F55-DD41-4BC4-976F-26446DA6B946@microsoft.com...
> I'm new to IIS and had a few questions regarding the Authentication
> methods
> provided by IIS. I have a web server joined to Active Directory and want
> authentication for users that exist in AD. However, I don't want them to
> have
> to put in domain\username and password. Is there a way that I can get rid
> of
> the domain part and have the users just put in their usernames? I think
> removing the web server from the domain will accomplish this but it needs
> to
> be on SSL and the certificate is coming from the domain controller.
>
> Any help will be greatly appreciated!