Prompt for password with Windows Authentication activated!
| StoreThomas 2005-09-29, 7:51 am |
| Hi!
I've got a problem on an SBS 2003 running SharePoint sites on an IIS 6.
The server has two separate sites configured: intranet.site1.dk and
intranet.site2.dk. Actually it also has companyweb and a lot of other stuff
configured too.
OK, the thing is that I've configured the sites to use Windows Authentication
as I have with companyweb. When I access companyweb I access the site
without a password prompt, but as soon as I try to access one of the
intranet.siteX.dk sites I'm prompted for a password. I then put in the right
username and password and log on, but I need to get the password prompt
removed so it works just like companyweb without an annoying prompt. (Needless
to say, I should still be prompted for username/password when I access the
sites from a computer that's not logged on to the domain.)
The sites are configured with host headers (intranet.site1.dk and
intranet.site2.dk). I've tried to put in a host header that leaves out the
siteX.dk part so that I can access it by just typing the first part, e.g.
"intranet1" (remembered to update the DNS server), and then I log on to the sites
WITHOUT a password prompt. Also tried with the "hosts" files with exactly the
same result as described above.
How can I fix this problem when I still wanna keep the siteX.dk part so that
I'm able to log on to the sites from another internet connected site?
Any help would be much appreciated
Best Regards
Thomas
| |
| David Wang [Msft] 2005-10-01, 2:49 am |
| The issue is not a matter of "getting rid of the password prompt" or
"achieving SSO". The issue is security and delegation, and what you are
asking for is insecure behavior. Since the protocols you use are secure,
your insecure behavior is not allowed.
You are accessing two different websites thus two different connections as
far as the authentication protocol is concerned.
So why should the client auto-authenticate between two different websites?
Also, why should one website trust the auto-authentication of another
website that has no trust-relationship? With no relationship between the
websites, one could be good-guy.com and the other is bad-guy.com. Why
should good-guy.com trust the authentication from bad-guy.com? Why should
the browser auto-authenticate with bad-guy.com simply because it
auto-authenticated with good-guy.com?
Read the SSO-related entries to understand what is going on.
http://blogs.msdn.com/david.wang/ar...erations_2.aspx
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
| |
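The behaviour discussed in this thread (silent logon for `companyweb` and `intranet1`, a prompt for `intranet.siteX.dk`) can be modelled as a per-host decision the client makes before releasing logon credentials. The sketch below is an added example, not part of the original posts; the function names, the allowlist, and the rule that single-label names count as local intranet are assumptions that simplify how a browser decides.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Schemes a server offers in its 401 when Windows Authentication is enabled.
INTEGRATED_SCHEMES = {"negotiate", "ntlm"}

def host_of(url):
    """Lower-cased host name of a URL, without port or trailing dot."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    return host.rstrip(".").lower()

def is_trusted(host, allowlist=()):
    """True when the client may hand the logon credentials to this host."""
    if "." not in host and ":" not in host:
        return True  # assumption: single-label names count as local intranet
    # Dotted names (FQDNs, IP literals) need an explicit allowlist entry.
    return any(fnmatchcase(host, pattern.lower()) for pattern in allowlist)

def respond_to_challenge(url, www_authenticate, allowlist=()):
    """Decide how the client answers a 401 with these WWW-Authenticate values."""
    offered = {v.split()[0].lower() for v in www_authenticate if v.strip()}
    if not offered & INTEGRATED_SCHEMES:
        return "no-integrated-auth"
    if is_trusted(host_of(url), allowlist):
        return "send-logon-credentials"
    return "prompt-user"

# Constructed sample: the challenge headers of a 401 response.
CHALLENGE = ["Negotiate", "NTLM"]

def demo(allowlist=()):
    """Outcome for the host names mentioned in the thread."""
    urls = ["http://companyweb/", "http://intranet1/",
            "http://intranet.site1.dk/", "http://bad-guy.com/"]
    return {u: respond_to_challenge(u, CHALLENGE, allowlist) for u in urls}

if __name__ == "__main__":
    for label, allow in (("default", ()), ("allowlisted", ["intranet.site1.dk"])):
        for url, action in demo(allow).items():
            print(f"{label:12} {url:28} {action}")
```

Listing exact host names in the allowlist, rather than a wildcard, keeps credentials from being released to any other name under the same domain.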
| StoreThomas 2005-10-07, 7:49 am |
| Hi David!
Thanks for the answer.
Best Regards
Thomas