|
Home > Archive > IIS Server Security > August 2004 > Basic Authentication Issue
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Basic Authentication Issue
|
|
| David Hurley 2004-08-27, 6:17 pm |
| I found this question on the web and it is the same problem I am having, but
I cannot seem to find an answer, any help would be greatly appreciated.
Thanks,
David
---------------------------------------
We have an IIS 5-based intranet Web site running on a Windows 2000 Server
domain member server. The Intranet virtual directory is configured for SSL,
Basic Authentication (with a default domain specified) and Integrated
Windows Authentication.
When users log in with the Domain name\Username syntax at the login box,
they can login just fine. However, if the users try to login with only their
domain user name, IIS shoots back the logon box pre-filled in with:
Servername\username
The server name is fully qualified. That is to say:
Server01.company.com\joeuser
This strikes me as very, very weird.
I scoured the metabase by using the metabase editor. I found some traces to
the referenced servername path in the SMTP properties and I nuked 'em
because we aren't running SMTP on the IIS server. No help, though.
I also scoured the Registry for traces of the servername--nothing. I don't
know why IIS thinks it should be pointing to the local computer instead of
our domain controller. As I said earlier, if users manually type in
Domainname\Username they can log in fine. However, as you network admins
know, the less we have to instruct our users to do themselves manually, the
better. 
Thanks in advance,
Tim
| |
| Jeff Cochran 2004-08-27, 6:17 pm |
| On Thu, 26 Aug 2004 12:11:44 -0500, "David Hurley"
<dhurley@HiWAAY.net.nospam> wrote:
>I found this question on the web and it is the same problem I am having, but
>I cannot seem to find an answer, any help would be greatly appreciated.
>
>Thanks,
>
>David
>
>---------------------------------------
>
>We have an IIS 5-based intranet Web site running on a Windows 2000 Server
>domain member server. The Intranet virtual directory is configured for SSL,
>Basic Authentication (with a default domain specified) and Integrated
>Windows Authentication.
>
>When users log in with the Domain name\Username syntax at the login box,
>they can login just fine. However, if the users try to login with only their
>domain user name, IIS shoots back the logon box pre-filled in with:
>
>Servername\username
>
>The server name is fully qualified. That is to say:
>
>Server01.company.com\joeuser
>
>This strikes me as very, very weird.
That's expected behavior.
If you're using only IE as a client, you can disable Basic
Authentications and use only Windows Integrated. Then make sure the
web site domain is in the intranet zone in IE's security tab. IE will
pass credentials, other browsers will not.
Jeff
>I scoured the metabase by using the metabase editor. I found some traces to
>the referenced servername path in the SMTP properties and I nuked 'em
>because we aren't running SMTP on the IIS server. No help, though.
>
>I also scoured the Registry for traces of the servername--nothing. I don't
>know why IIS thinks it should be pointing to the local computer instead of
>our domain controller. As I said earlier, if users manually type in
>Domainname\Username they can log in fine. However, as you network admins
>know, the less we have to instruct our users to do themselves manually, the
>better.
>
>Thanks in advance,
>Tim
>
| |
| Ken Schaefer 2004-08-27, 6:17 pm |
| Hi,
If the client supports Integrated Windows Authenticatin (NTLM or Kerberos)
then the browser will use that in preference to Basic Authentication. IWA
does not support a "default domain". You need to enter your credentials as
Domain\User or domain@user-principal-name-suffix
If you want a more detailed discussion of authentication methods, grab
chapter 5 from my IIS 6.0 security book. There's a link to download the PDF
on my homepage (www.adopenstatic.com)
Cheers
Ken
"David Hurley" <dhurley@HiWAAY.net.nospam> wrote in message
news:Ohy%23b94iEHA.2992@TK2MSFTNGP12.phx.gbl...
>I found this question on the web and it is the same problem I am having,
>but
> I cannot seem to find an answer, any help would be greatly appreciated.
>
> Thanks,
>
> David
>
> ---------------------------------------
>
> We have an IIS 5-based intranet Web site running on a Windows 2000 Server
> domain member server. The Intranet virtual directory is configured for
> SSL,
> Basic Authentication (with a default domain specified) and Integrated
> Windows Authentication.
>
> When users log in with the Domain name\Username syntax at the login box,
> they can login just fine. However, if the users try to login with only
> their
> domain user name, IIS shoots back the logon box pre-filled in with:
>
> Servername\username
>
> The server name is fully qualified. That is to say:
>
> Server01.company.com\joeuser
>
> This strikes me as very, very weird.
>
> I scoured the metabase by using the metabase editor. I found some traces
> to
> the referenced servername path in the SMTP properties and I nuked 'em
> because we aren't running SMTP on the IIS server. No help, though.
>
> I also scoured the Registry for traces of the servername--nothing. I don't
> know why IIS thinks it should be pointing to the local computer instead of
> our domain controller. As I said earlier, if users manually type in
> Domainname\Username they can log in fine. However, as you network admins
> know, the less we have to instruct our users to do themselves manually,
> the
> better.
>
> Thanks in advance,
> Tim
>
>
|
|
|
|
|