|
Home > Archive > IIS Server Security > January 2005 > Help Please
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| Hello,
We have 2 servers running W2K3 Standard Edition. The first server
(let's call it TEST1) is a dc/fs/dns/dhcp. The second server (let's call it
TEST2) is just a webserver and not joined to the dc because for security
reasons, and set to use a workgroup name instead of domain. There is a page
on that website that we wanted when users click it, they will get a login
prompt to login. I already set under the file security settings of that page
not to use anonymous access and checked the authenticated access to use
Integrated Windows authentication and Digest authentication for Windows
domain servers as well as inputted the domain name under the realm of TEST1's
dc name. Whenever I visit that page on the site, I get a login prompt, but
is it possible to use a different credential like username@dcname.com or
dcname\username and then a password so that you can still login to that page
using credentials from the other server. I know this works when you have two
different workgroup/domain by just inputting the domainname\username and
password to get access to the server. Is it possible on websites? I already
tried it to no avail but just wanted to ask for any suggestions if I am doing
it wrong or any other solutions. I also read about LDAP but not sure
what/how it is or if it is even applicable. Sorry for the long post and if
it is unclear let me know. Any help is appreciated. Thanks in advance.
Arnel
praetorian24@DELETECAPShotmail.com
| |
| Ben Vincent [MSFT] 2005-01-31, 7:51 am |
| Hi Arnel,
The way to get this working would be to join TEST2 to the TEST1 domain, at
the moment the server has no way of authenticating against the domain. You
could consider creating local accounts on TEST2 with the same username and
password but this would be an administrative nightmare.
Hope this answers your question.
--
Ben Vincent
CEng, MCSE NT4-2003
Microsoft UK
Please do not send email directly to this alias. This is our online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2001 Microsoft Corporation. All rights
reserved.
"Arnel" <Arnel@discussions.microsoft.com> wrote in message
news:D3C850FE-6BC6-492D-B473-566BEE81CE6A@microsoft.com...
> Hello,
>
> We have 2 servers running W2K3 Standard Edition. The first server
> (let's call it TEST1) is a dc/fs/dns/dhcp. The second server (let's call
> it
> TEST2) is just a webserver and not joined to the dc because for security
> reasons, and set to use a workgroup name instead of domain. There is a
> page
> on that website that we wanted when users click it, they will get a login
> prompt to login. I already set under the file security settings of that
> page
> not to use anonymous access and checked the authenticated access to use
> Integrated Windows authentication and Digest authentication for Windows
> domain servers as well as inputted the domain name under the realm of
> TEST1's
> dc name. Whenever I visit that page on the site, I get a login prompt,
> but
> is it possible to use a different credential like username@dcname.com or
> dcname\username and then a password so that you can still login to that
> page
> using credentials from the other server. I know this works when you have
> two
> different workgroup/domain by just inputting the domainname\username and
> password to get access to the server. Is it possible on websites? I
> already
> tried it to no avail but just wanted to ask for any suggestions if I am
> doing
> it wrong or any other solutions. I also read about LDAP but not sure
> what/how it is or if it is even applicable. Sorry for the long post and
> if
> it is unclear let me know. Any help is appreciated. Thanks in advance.
>
> Arnel
> praetorian24@DELETECAPShotmail.com
| |
|
| Thanks for the help Ben.
"Ben Vincent [MSFT]" wrote:
> Hi Arnel,
>
> The way to get this working would be to join TEST2 to the TEST1 domain, at
> the moment the server has no way of authenticating against the domain. You
> could consider creating local accounts on TEST2 with the same username and
> password but this would be an administrative nightmare.
>
> Hope this answers your question.
>
> --
> Ben Vincent
> CEng, MCSE NT4-2003
> Microsoft UK
>
> Please do not send email directly to this alias. This is our online account
> name for newsgroup participation only.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> You assume all risk for your use. © 2001 Microsoft Corporation. All rights
> reserved.
>
>
> "Arnel" <Arnel@discussions.microsoft.com> wrote in message
> news:D3C850FE-6BC6-492D-B473-566BEE81CE6A@microsoft.com...
>
>
>
|
|
|
|
|