|
Home > Archive > IIS Server Security > January 2007 > Domain Authentication in IIS 6 using Integrated Windows Authentica
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Domain Authentication in IIS 6 using Integrated Windows Authentica
|
|
|
| I have an IIS 6 server running in our Intranet (not a domain controller). I
set some folders to be protected by requiring users to be authenticated using
Integrated Windows Authentication. This works with the users entering their
username (and password of course) in the format of
USERNAME@myinternaldomain.com or myinternaldomain.com\USERNAME.
My CEO wants us to just be able to use the simple USERNAME format. I have
been reading the technet articles, blogs, forums and I now believe that the
only way I could do this is to change the metabase setting of
"DefaultLogonDomain" to be set to myinternaldomain.com .
I believe that this issues was discussed somewhat in a 12/9 posting on this
forum entitled "Login not require a domain in IIS hosted site?" but the
possibility of modifying the metabase "DefaultLogonDomain" property was not
mentioned nor shot down as a real possibility.
Finally, thanks to anyone who posts a reply. Looking through the previous
posts I am amazed at the knowledge and even the kindness of folks who are
posting answers.
| |
| Indigenous 2007-01-17, 7:21 am |
| Jim
Do you want to be prompted for a username and password or do you want
automatic logon?
If you want username password (as you suggest below) then I suggest you use
Basic Authentication (or digest) rather than Integrated Windows. This being
the case, you can then set the domain and realm to be you domain in the IIS
admin console (on the security dialog under authentication type). If you do
this, you won't need to enter the domain when prompted for credentials.
You don't mention whether you site is internet extranet or intranet so I
don't know whether you have any firewalls between you client and web server
(ie and iis) but if you do then integrated windows auth won't work that well
anyway.
"Jim R" wrote:
> I have an IIS 6 server running in our Intranet (not a domain controller). I
> set some folders to be protected by requiring users to be authenticated using
> Integrated Windows Authentication. This works with the users entering their
> username (and password of course) in the format of
> USERNAME@myinternaldomain.com or myinternaldomain.com\USERNAME.
>
> My CEO wants us to just be able to use the simple USERNAME format. I have
> been reading the technet articles, blogs, forums and I now believe that the
> only way I could do this is to change the metabase setting of
> "DefaultLogonDomain" to be set to myinternaldomain.com .
>
> I believe that this issues was discussed somewhat in a 12/9 posting on this
> forum entitled "Login not require a domain in IIS hosted site?" but the
> possibility of modifying the metabase "DefaultLogonDomain" property was not
> mentioned nor shot down as a real possibility.
>
> Finally, thanks to anyone who posts a reply. Looking through the previous
> posts I am amazed at the knowledge and even the kindness of folks who are
> posting answers.
|
|
|
|
|