We have many users that share computers. The computers are logged on using a
generic user account so that certain apps can continue to run and be
available all day.

We have a particular web site that requires Windows Integrated
authentication whereas all the others on the web server can use Basic
authentication.

We need users to log into the web site because it has data that is
user-specific.

Do you have any ideas on how we could have the Windows Integrated
authentication turned on but still require logon at the website?

Thanks

On Nov 26, 3:19 pm, Charles Allen <cal...@nospam-bkd.com> wrote:

Show quote

Hide quote

Personally, I question the security of such an arrangement. If
multiple users share the same Windows login, what prevents one of the
users from planting software to steal and impersonate another user?

Assuming you are ok with the security concerns, then I think that what
you want to do should just work by default if the generic user account
does NOT have permissions to the website that requires Windows
Integrated authentication. I'm assuming the website is Intranet and
without dots in the name (i.e. http://localSite and not http://local.Site).

In such a situation, you can configure localSite to be in the Intranet
zone, and then configure IE to always prompt for username:password
(i.e. never auto-login) for those sites. You don't need to use Basic
authentication to force user login dialog, and it works with Windows
Integrated as well.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

IIS requiring authentication
Kerberos
Possible to write plug-in to handle password expiry etc.?
Basic Authentication fails with Error 401.2 where Integrated succe
can't install user certificcate from other ad domains