|
Home > Archive > IIS Server Security > June 2007 > Integrated Windows Authentication and Domain prefix on popup
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Integrated Windows Authentication and Domain prefix on popup
|
|
| Braulio Diez 2007-04-27, 7:17 am |
| Hello,
first of all... "sorry in advance" I come from the development world and
I'm not quite good at the admin. Jargon :-).
In the web application that we have we are using "Integrated Windows
Authentication", what it happens for users that want to authenticate from
outside the domain is that they have to enter as domain preffix in the IE
connect to popup, e.g.:
MyDomain\MyLogin
I have seen that some sites just workaround this and is not needed to enter
the bloody domaind prefix (the users of my web application are used to enter
that login without the prefix :-( ).
Is there any way to configure this? (jejej I was looking for a check box
"By default add programmaticaly the default domain prefix :P).
Thanks in advance, regards
Braulio
| |
| Roger Abell [MVP] 2007-04-28, 7:18 am |
| "Braulio Diez" <braulio121NOSPAM@yahoo.es> wrote in message
news:11B68770-C2DC-461B-A708-CBAA9A0ABB75@microsoft.com...
> Hello,
>
> first of all... "sorry in advance" I come from the development world and
> I'm not quite good at the admin. Jargon :-).
>
> In the web application that we have we are using "Integrated Windows
> Authentication", what it happens for users that want to authenticate from
> outside the domain is that they have to enter as domain preffix in the IE
> connect to popup, e.g.:
>
> MyDomain\MyLogin
>
> I have seen that some sites just workaround this and is not needed to
> enter
> the bloody domaind prefix (the users of my web application are used to
> enter
> that login without the prefix :-( ).
>
> Is there any way to configure this? (jejej I was looking for a check box
> "By default add programmaticaly the default domain prefix :P).
>
> Thanks in advance, regards
> Braulio
>
Not that I am aware of for Windows Integrated auth.
If you enabled plain text then yes, as then IIS has a chance to
edit what they send and insert the domain\ prefix, but with
Windows Integrated it does not have at any time the sting
"username" to adorn before the auth methods.
Roger
| |
| Braulio Diez 2007-04-30, 7:17 am |
| Thanks for the info,
At least is good to know that is not possible :-)
I have a lot of non techie clients that always complain about that.. "Why
the hell I have to write this stupid prefix.."
"Roger Abell [MVP]" wrote:
> "Braulio Diez" <braulio121NOSPAM@yahoo.es> wrote in message
> news:11B68770-C2DC-461B-A708-CBAA9A0ABB75@microsoft.com...
>
> Not that I am aware of for Windows Integrated auth.
> If you enabled plain text then yes, as then IIS has a chance to
> edit what they send and insert the domain\ prefix, but with
> Windows Integrated it does not have at any time the sting
> "username" to adorn before the auth methods.
>
> Roger
>
>
>
| |
| David Wang 2007-05-01, 7:22 am |
| You need the domain prefix for a wide variety of security reasons. And
for the same security reasons, one cannot "prefix" or otherwise modify
the user principal prior to credential validation -- so you have to
give both domain and username in some form. Unfortunately, most
clients' eyes glaze over by the time one goes through the reasons. ;-)
Now, you can enable UPN and those non-techie clients can enter
username@domain.com instead of remembering a "domain prefix". I think
it is a reasonable solution since most websites seem to use either
username or username@domain.com and people seem ok with remembering
it.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
On Apr 29, 11:20 pm, Braulio Diez <braulio121NOS...@yahoo.es> wrote:
> Thanks for the info,
>
> At least is good to know that is not possible :-)
>
> I have a lot of non techie clients that always complain about that.. "Why
> the hell I have to write this stupid prefix.."
>
>
>
> "Roger Abell [MVP]" wrote:
>
>
>
>
>
>
>
>
>
> - Show quoted text -
| |
| Brent Magnant 2007-06-13, 7:24 pm |
|
>
>Not that I am aware of for Windows Integrated auth.
>If you enabled plain text then yes, as then IIS has a chance to
>edit what they send and insert the domain\ prefix, but with
>Windows Integrated it does not have at any time the sting
>"username" to adorn before the auth methods.
>
>Roger
Then what is the function of DefaultLogonDomain ? I see many
references to using it for FTP access, why not for web access?
Brent
|
|
|
|
|