|
Home > Archive > IIS Server Security > September 2004 > IIS 6 Default Domain
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
IIS 6 Default Domain
|
|
|
| I have recently upgraded a WinNT 4 Web Server to 2003.
On NT4 the server was in a workgroup of its own, on upgrade it is a member
of an Active Directory domain.
I have an area of the site which requires users to log on. The area is
configured to use integrated windows authentication, with anonymous access
disabled.
This has all worked fine before the upgrade, however, the logon box is now
insisting on the username having the domain name attached i.e.
DOMAINNAME/USERNAME. When the this format is used the users are able to
login successfully.
Is there any way to force the system to append the domain during
authentication? Therefore our users would simply login with a username and
password, and the correct domain name would be used.
Any help with this would be greatly appreciated.
David
| |
| Ken Schaefer 2004-09-24, 7:48 am |
| Hi,
When using Integrated Windows Authentication, the default security realm is
always the local machine (ie the webserver). That's why it "worked" before
(when the machine was simply a standalone workgroup server).
You can configure IE to automatically logon to the server with the user's
current credentials by either:
a) accessing the site via a name that places it into the local intranet
security zone (eg http://server)
-or-
b) adding the site to the user's local Intranet security zone (eg via group
policy)
http://support.microsoft.com/?id=258063
http://support.microsoft.com/?id=303650
More information on IIS authentication mechanisms can be found here:
www.adopenstatic.com (there is a link to get a sample chapter of the IIS
security book Bernard Cheah and I worked on). That chapter covers the ins
and outs of the various auth mechanisms in IIS.
Cheers
Ken
"Davie" <dxw@mms.co.uk> wrote in message
news:eB7D73hoEHA.2824@TK2MSFTNGP10.phx.gbl...
>I have recently upgraded a WinNT 4 Web Server to 2003.
>
> On NT4 the server was in a workgroup of its own, on upgrade it is a member
> of an Active Directory domain.
>
> I have an area of the site which requires users to log on. The area is
> configured to use integrated windows authentication, with anonymous access
> disabled.
>
> This has all worked fine before the upgrade, however, the logon box is now
> insisting on the username having the domain name attached i.e.
> DOMAINNAME/USERNAME. When the this format is used the users are able to
> login successfully.
>
> Is there any way to force the system to append the domain during
> authentication? Therefore our users would simply login with a username
> and
> password, and the correct domain name would be used.
>
> Any help with this would be greatly appreciated.
>
> David
>
>
| |
| Bernard 2004-09-24, 5:51 pm |
| If you are using Basic, you can specify 'default logon domain' to skip the
'domainname'. However this is not available in Integrated windows
authentication. In IWA, the current user credentail is used, if
authentication failed, the browser will display a login prompt.
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:uQ6SgxioEHA.2636@TK2MSFTNGP09.phx.gbl...
> Hi,
>
> When using Integrated Windows Authentication, the default security realm
is
> always the local machine (ie the webserver). That's why it "worked" before
> (when the machine was simply a standalone workgroup server).
>
> You can configure IE to automatically logon to the server with the user's
> current credentials by either:
> a) accessing the site via a name that places it into the local intranet
> security zone (eg http://server)
> -or-
> b) adding the site to the user's local Intranet security zone (eg via
group
> policy)
>
> http://support.microsoft.com/?id=258063
> http://support.microsoft.com/?id=303650
>
> More information on IIS authentication mechanisms can be found here:
> www.adopenstatic.com (there is a link to get a sample chapter of the IIS
> security book Bernard Cheah and I worked on). That chapter covers the ins
> and outs of the various auth mechanisms in IIS.
>
> Cheers
> Ken
>
> "Davie" <dxw@mms.co.uk> wrote in message
> news:eB7D73hoEHA.2824@TK2MSFTNGP10.phx.gbl...
member[vbcol=seagreen]
access[vbcol=seagreen]
now[vbcol=seagreen]
>
>
|
|
|
|
|