Change in ASP.Net authentication between Win2000 and Win2003

Author
1 Apr 2005 3:42 PM
Craig Banks
We are in the process of migrating an intranet web server from a Windows
2000 box to a Windows 2003 box. In migrating OSs and from IIS 5 to IIS 6,
we've noticed a significant difference in how Windows integrated security
works with our ASP.Net web pages.

For our web sites where directory security is set to integrated windows
authentication, users already authenticated to our network are often
challenged with a logon screen when trying to access ASP.Net web pages. To
make a very long story short, we've discovered the work-around is to uncheck
"Enable Integrated Windows Authentication" under IE 6's advanced internet
options (checked on by default with XP). Contrary to what the label on this
checkbox option implies, unchecking it still passes authentication
credentials from the client to the server and everyone's happy. In the old
Windows 2000/IIS 5 world, checking or unchecking this box makes no
difference.

In researching this, I've followed a wandering path of Kerberos versus
challenge/response authentication. However, nothing in the spotty Microsoft
online documentation explains why IIS 5 running on Windows 2000 behaves
differently than IIS 6 on Windows 2003. In fact, the documentation leads one
to believe they should behave identically.

One further issue. When logged onto the Windows 2003 server, if I log onto
an ASP.Net page with IE 6 using "localhost" in the address everything's
fine. However, if I use the DNS name (e.g.
http://myservername/myaspdotnetpage.aspx) I'll get the login prompt. In this
case, checking or unchecking the "Enable Integrated Windows Authentication"
option makes no difference. On our Windows 2000/IIS 5 box there is no
challenge for a logon.

What gives? Thanks in advance for your help!

Author
4 Apr 2005 3:28 AM
Ken Schaefer
"Craig Banks" <ba***@co.henrico.va.us> wrote in message
news:%23LqRmFtNFHA.2880@TK2MSFTNGP10.phx.gbl...

: One further issue. When logged onto the Windows 2003 server, if I log onto
: an ASP.Net page with IE 6 using "localhost" in the address everything's
: fine. However, if I use the DNS name (e.g.
: http://myservername/myaspdotnetpage.aspx) I'll get the login prompt. In this
: case, checking or unchecking the "Enable Integrated Windows Authentication"
: option makes no difference. On our Windows 2000/IIS 5 box there is no
: challenge for a logon.


I would suspect that this behaviour occurs because "localhost" is (by
default) in IE's Intranet security zone, and a fully qualified DNS name
isn't (e.g. myservername.com). Adding myservername.com into IE's Intranet
security zone should enable Auto-Logon. See
http://support.microsoft.com/?id=258063 for more information.

Checking/unchecking "Enable Integrated Windows Authentication"
enables/disables Kerberos support. As David has suggested, if toggling that
switch changes behaviour, then perhaps Kerberos is not configured correctly
(or similar).

Have you tried using AuthDiag to troubleshoot this issue?

Cheers
Ken
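
One way to check which mechanism a browser actually sent when troubleshooting the Kerberos versus challenge/response question in this thread, as an added example that is not part of either post: a heuristic classifier for `Authorization` / `WWW-Authenticate` header values copied from an HTTP trace. The function names and the sample tokens are constructed for illustration, and the byte-search approach is an assumption of this example, not a full SPNEGO parser.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"
SPNEGO_OID = bytes.fromhex("06062b0601050502")         # 1.3.6.1.5.5.2
KRB5_OIDS = (bytes.fromhex("06092a864886f712010202"),  # 1.2.840.113554.1.2.2
             bytes.fromhex("06092a864882f712010202"))  # 1.2.840.48018.1.2.2
NTLM_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}

def classify_auth_header(value):
    """Heuristically classify an Authorization/WWW-Authenticate header value."""
    parts = value.strip().split(None, 1)
    if not parts or parts[0].lower() not in ("ntlm", "negotiate"):
        return "not Integrated Windows Authentication"
    if len(parts) == 1:
        return "offer only, no token"  # e.g. the server's first 401 response
    try:
        token = base64.b64decode(parts[1].strip(), validate=True)
    except ValueError:
        return "undecodable token"
    # An NTLM message carries the ASCII signature whether it is sent raw or
    # wrapped in SPNEGO; a Kerberos ticket does not, so check for it first.
    pos = token.find(NTLM_SIG)
    if pos != -1 and len(token) >= pos + 12:
        (msg_type,) = struct.unpack_from("<I", token, pos + 8)
        wrapper = "raw" if pos == 0 else "inside SPNEGO"
        return "NTLM %s (%s)" % (NTLM_TYPES.get(msg_type, "unknown"), wrapper)
    if token[:1] == b"\x60" and any(oid in token for oid in KRB5_OIDS):
        return "Kerberos"
    return "unrecognised token"

def constructed_samples():
    """Constructed, truncated tokens for illustration; not captured traffic."""
    ntlm1 = NTLM_SIG + struct.pack("<I", 1) + b"\x07\x82\x08\xa2"
    krb = b"\x60\x82\x05\x00" + SPNEGO_OID + b"\xa0\x82\x04\xf0" + KRB5_OIDS[0] + bytes(16)
    wrapped = b"\x60\x40" + SPNEGO_OID + b"\xa0\x36" + ntlm1
    b64 = lambda raw: base64.b64encode(raw).decode("ascii")
    return {
        "challenge": "Negotiate",
        "ntlm_raw": "NTLM " + b64(ntlm1),
        "negotiate_ntlm": "Negotiate " + b64(wrapped),
        "negotiate_kerberos": "Negotiate " + b64(krb),
        "basic": "Basic dXNlcjpwYXNz",
    }

if __name__ == "__main__":
    for name, header in constructed_samples().items():
        print(name, "->", classify_auth_header(header))
```

A `Negotiate` header that classifies as NTLM means the client fell back from Kerberos, which is the situation the checkbox toggle in this thread would affect.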