IIS6 and Authentication across Servers and Domains

I am hoping that someone may be able to help me resolve the following issue when trying to authenticate across servers and domains.

Each of the client computers will be a member of one domain (Domain_A) and each of the servers will be a member of a second domain (Domain_B). The user will log in to each domain with a separate username and password held in Active Directory.

A trust is currently not in place between these two domains and it is unlikely that one can be created. As the user's device is not in the same domain as the servers I am using Basic authentication (configured for IIS on all servers) rather than Integrated authentication. Is this the correct approach?

I am trying to achieve the following scenario:

1) The user logs onto their client device in the first domain e.g. Domain_A\User_A

2) The user launches IE6 and enters the URL of a web page on one of the servers in the second domain e.g. http://Domain_B/Server_1/Index.html

3) The user is prompted to enter their username and password for the second domain to access the webpage e.g. Domain_B\User_1

4) The web page is displayed to the user. The web page contains personalised content, so I cannot use an anonymous login.

So far so good.

5) The user clicks on a link to a web page on another server in the second domain e.g. http://Domain_B/Server_2/Index.html and the web page is displayed

At this point the user is prompted to enter their username and password for a second time. Is it possible to display the web page on the second server without requiring the user to re-enter the same username and password they provided when accessing the first server?

All suggestions would be most appreciated.

James

<jamesaev***@hotmail.com> wrote in message
news:1116937988.368720.264950@g43g2000cwa.googlegroups.com...
: A trust is currently not in place between these two domains and it is
: unlikely that one can be created. As the user's device is not in the
: same domain as the servers I am using Basic authentication (configured
: for IIS on all servers) rather than Integrated authentication. Is this
: the correct approach?

Since you are connecting to an IIS server in DomainB, whether you use Basic, Digest or Integrated is irrelevant. The only thing that won't work is Kerberos authentication (unless you create the trust), but the NTLM part of IWA will work.

: I am trying to achieve the following scenario:
:
: 5) The user clicks on a link to a web page on another server in the
: second domain e.g. http://Domain_B/Server_2/Index.html and the web page
: is displayed
:
: At this point the user is prompted to enter their username and password
: for a second time. Is it possible to display the web page on the
: second server without requiring the user to re-enter the same username
: and password they provided when accessing the first server?

You need to look at SSO (single sign on) solutions. A browser doesn't send the user's credentials (especially using Basic authentication, which has the username and password in clear text) to any old server on the internet without the user's permission. Just because the user OKed sending the credentials doesn't mean that the browser is going to take it upon itself to send these clear-text credentials to some other arbitrary server on the 'net.

Cheers
Ken
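
Added example (not part of the thread, and not IE's actual implementation): a simplified model of how a browser scopes cached Basic credentials to a protection space (scheme, host and port plus realm, per RFC 7235), which is why the second server produces a new prompt, and of how directly the header decodes back to the username and password. Host names, realm and password are constructed sample values.

```javascript
// Simplified model of a browser's Basic credential cache (an assumption-level
// sketch, not IE6 code). A protection space = scheme + host + port, plus realm.
class BasicCredentialCache {
  constructor() { this.spaces = new Map(); }

  // Canonical root URI of the server: scheme://host[:port]
  static rootOf(url) { return new URL(url).origin; }

  // Called after the user answers the prompt raised by a 401 challenge.
  store(url, realm, username, password) {
    const token = Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
    this.spaces.set(BasicCredentialCache.rootOf(url), { realm, token });
  }

  // Header the browser would attach without asking the user, or null.
  preemptiveHeader(url) {
    const hit = this.spaces.get(BasicCredentialCache.rootOf(url));
    return hit ? `Basic ${hit.token}` : null;
  }

  // After a 401 from `url` carrying `realm`: reuse silently or prompt again?
  onChallenge(url, realm) {
    const hit = this.spaces.get(BasicCredentialCache.rootOf(url));
    return hit && hit.realm === realm ? 'reuse' : 'prompt';
  }
}

// What anyone who can read the request recovers from the header.
function decodeBasic(header) {
  const [scheme, token] = header.split(' ');
  if (!token || scheme.toLowerCase() !== 'basic') return null;
  const text = Buffer.from(token, 'base64').toString('utf8');
  const i = text.indexOf(':'); // split on the first ':'; the password may contain more
  return i < 0 ? null : { username: text.slice(0, i), password: text.slice(i + 1) };
}

// Constructed sample values (hosts, realm and password are placeholders).
const cache = new BasicCredentialCache();
cache.store('http://server1.domain-b.example/Index.html', 'domain-b',
            'Domain_B\\User_1', 'S3cret:pw');
const s1 = cache.preemptiveHeader('http://server1.domain-b.example/reports/a.html');
const s2 = cache.preemptiveHeader('http://server2.domain-b.example/Index.html');
console.log('server1 header:', s1);              // credentials reused on the same server
console.log('server2 header:', s2);              // nothing sent, so the user is prompted
console.log('decoded from header:', decodeBasic(s1));
```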