|
Home > Archive > IIS Server Security > January 2004 > IIS authentication across domains
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
IIS authentication across domains
|
|
| Ken Widmaier 2004-01-24, 1:57 am |
| We are running a asp application on an IIS 5 server. Part
of the application reads account and domain names of the
users and stores it in a database. This works fine as
long as the users are in the same domain as the IIS
server. When users are in a sister domain in the same
forest, the uses
We are having a problem with IIS authenticating accounts
from sister domains (i.e. domains in the same forest but
not the domain that the IIS resides).
I found a Knowledge Base article on the topic which I
included below. I tried the workaround and it did not
correct the problem. Does anyone else have any experience
with this problem and hopefully come up with a solution.
Thanks in advance.
--------------------------
How to Authenticate a User Against All Trusting Domains
This article was previously published under Q168908
SUMMARY
By default, Internet Information Server (IIS) validates an
unqualified user logon ID against either the local
computer's user database or the domain which the server is
a member of. This article describes how to configure IIS
to validate the unqualified user logon against all
trusting domains and the user accounts database.
MORE INFORMATION
To configure IIS to validate the unqualified user logon
against all trusting domains and the user accounts
database, use the appropriate method:
IIS 4.0 and IIS 5.0
Method 1
1. Start the IIS Microsoft Management Console (MMC).
2. Right-click the desired Web site, and then click
Properties.
3. On the Directory Security tab, in the Anonymous
Access and Authentication Control section, cclick Edit.
4. Click Edit for Default domain for basic
authentication.
5. In the Domain Name text box, type a single
backslash \.
6. Click OK three times to return to the Internet
Service Manager MMC.
| |
| David Wang [Msft] 2004-01-24, 1:57 am |
| Is IIS not able to authenticate across domains, or is your ASP Application
failing to read account and domain names of the user across domains?
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Ken Widmaier" <kwidmaier@usaid.gov> wrote in message
news:0a0401c3c59d$5a35d2c0$a001280a@phx.gbl...
We are running a asp application on an IIS 5 server. Part
of the application reads account and domain names of the
users and stores it in a database. This works fine as
long as the users are in the same domain as the IIS
server. When users are in a sister domain in the same
forest, the uses
We are having a problem with IIS authenticating accounts
from sister domains (i.e. domains in the same forest but
not the domain that the IIS resides).
I found a Knowledge Base article on the topic which I
included below. I tried the workaround and it did not
correct the problem. Does anyone else have any experience
with this problem and hopefully come up with a solution.
Thanks in advance.
--------------------------
How to Authenticate a User Against All Trusting Domains
This article was previously published under Q168908
SUMMARY
By default, Internet Information Server (IIS) validates an
unqualified user logon ID against either the local
computer's user database or the domain which the server is
a member of. This article describes how to configure IIS
to validate the unqualified user logon against all
trusting domains and the user accounts database.
MORE INFORMATION
To configure IIS to validate the unqualified user logon
against all trusting domains and the user accounts
database, use the appropriate method:
IIS 4.0 and IIS 5.0
Method 1
1. Start the IIS Microsoft Management Console (MMC).
2. Right-click the desired Web site, and then click
Properties.
3. On the Directory Security tab, in the Anonymous
Access and Authentication Control section, cclick Edit.
4. Click Edit for Default domain for basic
authentication.
5. In the Domain Name text box, type a single
backslash \.
6. Click OK three times to return to the Internet
Service Manager MMC.
| |
| Ken Widmaier 2004-01-24, 1:58 am |
|
Thanks for you help. It turns out there were 3 different problems. You
solution fixed one. The second problem was the IIS server was not in
the Intranet security group of the IE clients and the 3rd problem was
the DNS needed the fully qulified domain name in order to resolve the
URL for the IIS web site.
Thanks much.
*** Sent via Developersdex http://www.examnotes.net ***
Don't just participate in USENET...get rewarded for it!
|
|
|
|
|