We have a situation in whch we have 3 IIS 6.0 servers. Each has it's own IP
and SSL cert. 1 is on a box and the other 2 are virtual servers on a second
box.  When ever a person goes between these addresses in a new browser
session they get challenged for their credentials. We would like to provide 
a
single sign on experience if possible. Any one know how?

Thanks

[ Post a follow-up to this message ]

Without using something like Federated Identity Management, I don't think
this is possible.

As far as the browser is concerned, these are three different sites with no
real relationship to each other. Why should the browser automatically send
the user's credentials to the second site? Especially if the authentication
type is Basic (which means that the user's username/password is sent in
clear text, and can thus be read by any malicious operator of "site 2")?

You can configure IE to "auto logon" to sites - however you need to meet all
the requirements in this page:
http://support.microsoft.com/?id=258063
Other browsers generally don't support this functionality.

Otherwise, you need to look at FIM-type SSO solutions...

Cheers
Ken

"steve h" <steveh@discussions.microsoft.com> wrote in message
news:1E23C8C9-A9E8-4D80-8E13-5CD7961BFA48@microsoft.com...
> We have a situation in whch we have 3 IIS 6.0 servers. Each has it's own
> IP
> and SSL cert. 1 is on a box and the other 2 are virtual servers on a
> second
> box.  When ever a person goes between these addresses in a new browser
> session they get challenged for their credentials. We would like to
> provide a
> single sign on experience if possible. Any one know how?
>
> Thanks

[ Post a follow-up to this message ]

"examnotes" <steveh@discussions.microsoft.com> wrote in message news:<1E23C8C
9-A9E8-4D80-8E13-5CD7961BFA48@microsoft.com>...
> We have a situation in whch we have 3 IIS 6.0 servers. Each has it's own I
P
> and SSL cert. 1 is on a box and the other 2 are virtual servers on a secon
d
> box.  When ever a person goes between these addresses in a new browser
> session they get challenged for their credentials. We would like to provid
e a
> single sign on experience if possible. Any one know how?
>
> Thanks

Hi,

a single sign on experience is possible when all your applications are
within the same internet domain (for example: app1.yourdomain.com and
app2.yourdomain.com). The key is to develop an ISAPI filter or a .NET
HttpModule that inspects every request for a cookie value that is
issued by a logon page using a cookie domain like ".yourdomain.com".
The cookie domain causes browsers to transport the cookie to all your
sites within *.yourdomain.com.
For details, see the principle here: http://www.kp-it.de. This is a
tool my company offers to deal with web single-sign-on scenarios.

Konrad

[ Post a follow-up to this message ]