Hi,

I'm a bit of newbie to networks and IIS.

The users on my network, log in using a novell login box when they boot up
their pc.

When they open their browser, they have to enter the same username and
password to log into our intranet.

Is there anyway I can get rid of the login prompt for the browser, and log
them in automatically using the initial windows login they entered.

Thanks in advance

On Wed, 8 Jun 2005 07:35:05 -0700, mattastic
<mattas***@discussions.microsoft.com> wrote:

Enable basic authentication, remove anonymous access and add the
intranet to the intranet zone in Internet Explorer.

Jeff

Great thanks John.

Is the username and password stored in a session variable or in the browser?

Is there a way I can access them?

Show quoteHide quote

On Thu, 9 Jun 2005 00:59:01 -0700, mattastic
<mattas***@discussions.microsoft.com> wrote:

Neither.  Unless you sttroed them there that is.  IE passes
credentials to sites it trusts, such as those in the Intranet zone.
It doesn't pass credentials to other sites.

Jeff

FYI: the issue is NOT about removing the login box. The issue is either:
1. you are making IIS require authentication when you do not need it
2. you need the client to auto-authenticate to the web server.

If you have #1, then enable anonymous authentication and disable any other
authentication in IIS. Assuming your anonymous username/password is
correctly configured in IIS, any user should access IIS web pages without
seeing a login box

If you have #2, then you need to configure IIS to require authentication,
disable anonymous authentication, and configure the browser to auto-login
with the current username/password. IIS will challenge for access, but
browser auto-login so no login box shows up.


Re: access to username/password on the server-side

Insecure authentication algorithms like Basic authentication actually sends
over the username:password, so you can retrieve it with AUTH_USER and
AUTH_PASSWORD. Secure authentication methods only send hashes that prove the
remote user knew the password but never sends the password over the
network -- so the server obviously has no way to retrieve the password --
only has the username.

Great thanks John.

Is the username and password stored in a session variable or in the browser?

Is there a way I can access them?

Show quoteHide quote

ASP.NET app permissions
Secure website (cookie/session)
secure site - multiple users w/ 1 user account?
Passing User Credentials to site running under Integrated Security
Anonymous access not working
IIS 6 and % characters in a URL
Making unique URL - internal and external
Your opinion on SSL and common URL to access site from internal and external
Server attack - info please?
IP address and domain name restrictions not available?.