|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
NT Authentication - 2nd challenge/responseSorry, I posted this to the wrong group a few minutes ago. It belongs
here... Hi, I have an IIS ASP website that requires a user to be authenticated on our domain to be let in. However, if a user is already authenticated on the domain they are allowed straight into the ASP web without being challenged for a password. I want them to be challenged for their NT username/password regardless of whether they are logged into the domain on their machines already. Can I do this with IIS/ASP webs? Any suggestions as to how? Thanks, PJ You do this by configuring the browser to not auto-login.
There is no such thing as "if a user is already authenticated on the domain they are allowed straight into the ASP web without being challenged for a password". If you configure IIS to require authentication, by-definition IIS will *always* challenge the remote client for their NT user credentials. The question is whether the remote browser chooses to auto-login using the user's domain-authenticated credentials when IIS challenges the remote client for their NT user credentials. It is this auto-login that gives the impression that an authenticated user is allowed straight into the ASP web without being challenged for a password. You can verify this behavior yourself by looking at the IIS web log file for the request sequence and see that the user is *not* allowed straight into the ASP website and actually gets a 401 challenges... but the browser silently makes a couple more requests to attempt auto-login. Thus, you need to configure the client browser to not auto-login and then they will always be challenged for their user credentials when accessing your website. If you want further customized behavior, you can do so with your own customized authentication protocol. -- Show quoteHide quote//David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "P James" <p.james@NOSPAM.win555inet.com> wrote in message news:unYzKWVOGHA.3924@TK2MSFTNGP14.phx.gbl... > > Sorry, I posted this to the wrong group a few minutes ago. It belongs > here... > > > Hi, > > I have an IIS ASP website that requires a user to be authenticated on our > domain to be let in. However, if a user is already authenticated on the > domain they are allowed straight into the ASP web without being challenged > for a password. I want them to be challenged for their NT > username/password > regardless of whether they are logged into the domain on their machines > already. Can I do this with IIS/ASP webs? Any suggestions as to how? > > Thanks, > PJ > > > > P James wrote:
> Sorry, I posted this to the wrong group a few minutes ago. It belongs Turn off Integrated Windows Authentication.> here... > > > Hi, > > I have an IIS ASP website that requires a user to be authenticated on our > domain to be let in. However, if a user is already authenticated on the > domain they are allowed straight into the ASP web without being challenged > for a password. I want them to be challenged for their NT username/password > regardless of whether they are logged into the domain on their machines > already. Can I do this with IIS/ASP webs? Any suggestions as to how? > 
Other interesting topics
Word 2003 cannot save files to http://host/site/folder/file.doc
IIS Authenthication Error 401.1 Application Pool without Anonymous Access file system object SSL question Tutorial to set up IIS 6.0 on win2003 server HTTP to HTTPS specified request cannot...from current Application IIS 5 belonging to domain? Problem with anonymous user account and OWA |
|||||||||||||||||||||||
