Home All Groups Group Topic Archive Search About

IIS6 and Pass-Through Authentication

microsoft.public.inetserver.iis.security
Author
15 Jun 2005 8:13 PM
Arkane
We have a Windows 2003 DC (Active Directory) and an IIS6 Webserver to host
our intranet.

We have 3 forests, however we would like all users in DOMAIN_A to simply
'pass' their credentials to IIS6 without having to type them, so they can get
to restricted areas of the site without the need for manual authentication.
Any other users from either DOMAIN_B or DOMAIN_C should be required to
authenticate, of course it should only accept usernames/passwords from
DOMAIN_A.

How would I achieve this? I've tried creating a virtual directory and
setting it's security to be 'Integrated Windows Security' and have also tried
'Basic Authentication' but both require I authenticate manually, am I doing
something wrong? Am I missing out an extra step somewhere?

Any thoughts or ideas are appreciated.

Author
15 Jun 2005 8:44 PM
Tom Kaminski [MVP]
5270788EA***@microsoft.com...
Show quoteHide quote
> We have a Windows 2003 DC (Active Directory) and an IIS6 Webserver to host
> our intranet.
>
> We have 3 forests, however we would like all users in DOMAIN_A to simply
> 'pass' their credentials to IIS6 without having to type them, so they can
> get
> to restricted areas of the site without the need for manual
> authentication.
> Any other users from either DOMAIN_B or DOMAIN_C should be required to
> authenticate, of course it should only accept usernames/passwords from
> DOMAIN_A.
>
> How would I achieve this? I've tried creating a virtual directory and
> setting it's security to be 'Integrated Windows Security' and have also
> tried
> 'Basic Authentication' but both require I authenticate manually, am I
> doing
> something wrong? Am I missing out an extra step somewhere?
>
> Any thoughts or ideas are appreciated.

This is not pass through authentication - that's something altogther
different.  In order to get IE to pass the credentials in the background for
Windows Integrated authentication, IE needs to recognize you FQDN as part of
the intranet.

http://support.microsoft.com/?id=258063

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserver2003/community/centers/iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
"Arkane" <Ark***@discussions.microsoft.com> wrote in message
news:6778635E-9972-471B-8711-



Post Other interesting topics
Problem w/ Integrated Auth -- Receiving User/Pass dialog box against IIS6
Accessing Site as Anonymous
MS IIS Internal IP Address/Hostname Vulnerability
Windows Integrated Authentication on standalone server
401.3 on IIS after SP1
IUSR account passwords sync
Win2003 Server/IIS 6.0 Anonymous Login not working
Most secure solution for ftp (IIS?)
Can't get rid of localstart.asp
Custom erorr messages