IIS Server Security - Login Prompt for remote connection

Author

Login Prompt for remote connection

Kenneth Koh

2005-10-24, 11:03 am

Hi all

We have a terrible situation now. We have 3 new web servers (IIS6.0) in the
same domain, each hosting a different web site, e.g. http://companyintranet,
http://hrapp and http://payrollweb . In the LAN environment, the users have
not problem logging into the different sites silently by using Windows
integrated authentication.

Problem occurs when users connects remotely via VPN, with the VPN configured
in a different domain. When the users access the different web sites, they
get prompted for their login ID and password individually. How is it
possible to achieve some sort of a single sign-on with users only logging in
once when, say, visiting http://companyintranet and not prompted for login
again when they are directed to hrapp and payroll?

Thanks in advance!

Regards,
Kenneth

Ken Schaefer

2005-10-24, 11:03 am

You could look at ADFS (Active Directory Federation Services), or similar FI
(federated identity) technologies. They're pretty much all SAML or
WS-Security based.

In terms of what you're asking - why do you think the client browser will
automatically identify http://companyintranet and http://hrapp as places
with some arbitrary credentials not based on the user's logon should be
shared? FI gets around that, but you need to configure the backend stuff.

Cheers
Ken

"Kenneth Koh" <PlsHelpMePls@hotmail.com> wrote in message
news:uXFeA951FHA.916@TK2MSFTNGP10.phx.gbl...
: Hi all
:
: We have a terrible situation now. We have 3 new web servers (IIS6.0) in
the
: same domain, each hosting a different web site, e.g.
http://companyintranet,
: http://hrapp and http://payrollweb . In the LAN environment, the users
have
: not problem logging into the different sites silently by using Windows
: integrated authentication.
:
: Problem occurs when users connects remotely via VPN, with the VPN
configured
: in a different domain. When the users access the different web sites,
they
: get prompted for their login ID and password individually. How is it
: possible to achieve some sort of a single sign-on with users only logging
in
: once when, say, visiting http://companyintranet and not prompted for login
: again when they are directed to hrapp and payroll?
:
: Thanks in advance!
:
: Regards,
: Kenneth
:
:

Kenneth Koh

2005-10-24, 11:03 am

Hi Ken

Thanks for the tip

"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:eQuAnFG2FHA.2792@tk2msftngp13.phx.gbl...
> You could look at ADFS (Active Directory Federation Services), or similar
> FI
> (federated identity) technologies. They're pretty much all SAML or
> WS-Security based.
>
> In terms of what you're asking - why do you think the client browser will
> automatically identify http://companyintranet and http://hrapp as places
> with some arbitrary credentials not based on the user's logon should be
> shared? FI gets around that, but you need to configure the backend stuff.
>
> Cheers
> Ken
>
>
> "Kenneth Koh" <PlsHelpMePls@hotmail.com> wrote in message
> news:uXFeA951FHA.916@TK2MSFTNGP10.phx.gbl...
> : Hi all
> :
> : We have a terrible situation now. We have 3 new web servers (IIS6.0) in
> the
> : same domain, each hosting a different web site, e.g.
> http://companyintranet,
> : http://hrapp and http://payrollweb . In the LAN environment, the users
> have
> : not problem logging into the different sites silently by using Windows
> : integrated authentication.
> :
> : Problem occurs when users connects remotely via VPN, with the VPN
> configured
> : in a different domain. When the users access the different web sites,
> they
> : get prompted for their login ID and password individually. How is it
> : possible to achieve some sort of a single sign-on with users only
> logging
> in
> : once when, say, visiting http://companyintranet and not prompted for
> login
> : again when they are directed to hrapp and payroll?
> :
> : Thanks in advance!
> :
> : Regards,
> : Kenneth
> :
> :
>
>