Question

domain authentication on iis server

Asked by: kiranghag

hi all,
i have setup an IIS server which is part of our main domain.
currently i have setup integrated windows authentication to authenticate users..
but it seems that the users are checked against only the local security database.
i want the iis to authenticate the users against our domain database and grant access if its valid.

how do i do it?

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2004-02-04 at 00:37:56ID20872731
Tags

iis

,

domain

,

authentication

Topics

Miscellaneous Networking

,

Domain Name Service (DNS)

Participating Experts
3
Points
250
Comments
12

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. IIS Authentication
    i am working on a web application which uses ASP and COM. I need to get a identification of the client which is logging onto my website. The user belongs to same domain, as of application. If i set Anonymous and Integrated Windows Authentication at IIS directory security, i ...
  2. IIS authentication
    I need help with this.... I need to know how the IIS can show a public web site without Windows Authentication Logon, and when any person Agree the terms and conditions in this web site, the IIS show a Windows Authentication Logon for send this person to another web site. Al...
  3. IIS Authentications problems
    Hi Guys, I have a developemnt server running on Windows 2000, with IIS. My application is asp.net and it requires Integrated Windows authentication. The asp.net app checks if the user is authenticated and lets them enter the site. However, after moving the application to ...
  4. IIS 6.0 authentication
    I am investigating methods of authentication in IIS 6.0. Though on an internal MS domain, I need to have users login using a form, since some users access it from kiosk type clients. Should IIS be set to "forms" or if set to "windows" will negotiate the p...
  5. IIS and authentication
    I am trying to get rid of the annoying login prompt when LAN users connect to our intranet page. Pages are plain old HTML hosted on IIS 6. The web server is a Exchange 2003 member server running windows 2003 SP2. I still want remote/external users to be prompted for id/passwo...
  6. IIS Integrated Windows Authentication
    Hi all, We have internal web servers in our company running IIS 6.0, which we are trying to configure to use Integrated Windows Authentication....which seems to sometimes work, sometimes it doesnt!!!!! Can I just verify I am configuring it correctly. On the folder itself wh...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: nazirahmedPosted on 2004-02-04 at 05:28:26ID: 10270555

check the following, may help you
http://www.microsoft.com/windows2000/en/server/iis/default.asp?url=/WINDOWS2000/en/server/iis/htm/core/iiauths.htm
also check
http://www.iisanswers.com/articles/enablepassthrough.htm
one thing is to remember, it will work only on IE 5.0 on Win2K systems which are part of a domain
cheers

 

by: Nojustice2000Posted on 2004-02-04 at 06:14:00ID: 10270974

Disable Anonymous access

 

by: kiranghagPosted on 2004-02-04 at 08:06:43ID: 10271998

thanks for the links, but sorry to say that I had gone thru them earlier...

first thing is completely useless since its from microsoft's manual which is to be reffered only in ideal situations..never useful otherwise

second link requires me to add a piece of code in each and every page, atleast thats what i got from it.
this will not do good to me in any way..

i'll try to put things in another way...

i have my intranet webserver running iis, win2k advanced server.
i want the employees to access the pages from any intranet enabled machine.
but before they access the page, the browser/server combination should ask for his/her windows password and proceed only if its valid..

how do i do it??



 

by: nazirahmedPosted on 2004-02-04 at 10:06:53ID: 10273252

right...if you please read it once again, may give you some idea

Configuring Basic Authentication

Enabling Basic authentication does not automatically configure your Web server to authenticate users. Windows user accounts must be created and the NTFS permissions properly set, as described earlier.

To properly authenticate users with Basic authentication, the Windows user accounts being used for Basic authentication must have Log On Locally user rights. This right must be assigned because Basic authentication impersonates a local user (that is, a user physically logged on to the server). By default, user accounts on a Windows primary domain controller (PDC) are not granted the Log On Locally user rights.

Note   You can change the requirement for Log On Locally rights by using the Active Directory Service Interfaces (ADSI). For information, see the LogonMethod reference in the Active Server Pages Guide.

You must select a default logon domain. For more information, see Setting the Default Logon Domain.


Caution   The Basic authentication method transmits user names and passwords across the network in an unencrypted form. A computer vandal could use a network monitoring tool to intercept this information. You can use your Web server's encryption features, in combination with Basic authentication, to secure user account information transmitted across the network. For more information, see About Encryption

 

by: kiranghagPosted on 2004-02-04 at 19:30:29ID: 10277511

i tried this thing...

i tried to login using my domain account on the webserver. i was thrown out saying i am not allowed to login from this machine....
i checked the local policy and domain policy using the dcpol snap in and local policy editor from the same machine. there the logon locally right is assigned to domain users..
but the effctive policy for this is not checked...i cant see how to enable it

(PS: i wish to use only integrated login)

 

by: nazirahmedPosted on 2004-02-05 at 08:09:19ID: 10281557

did you disable anoymous login?

 

by: kiranghagPosted on 2004-02-05 at 23:56:55ID: 10288192

where?
the iis server is configured not to accept anonymous logins...thats why the authentication box popped up...
my problem starts after that..

 

by: nazirahmedPosted on 2004-02-06 at 05:48:10ID: 10289643

right, you said webserver is part of domain.

Enabling Basic authentication does not automatically configure your Web server to authenticate users. Windows user accounts must be created and the NTFS permissions properly set, as described earlier (http://www.microsoft.com/windows2000/en/server/iis/default.asp?url=/WINDOWS2000/en/server/iis/htm/core/iiauths.htm)

To properly authenticate users with Basic authentication, the Windows user accounts being used for Basic authentication must have Log On Locally user rights. This right must be assigned because Basic authentication impersonates a local user (that is, a user physically logged on to the server). By default, user accounts on a Windows primary domain controller (PDC) are not granted the Log On Locally user rights.

 

by: amd_kickassPosted on 2004-02-06 at 06:04:38ID: 10289777

>but before they access the page, the browser/server >combination should ask for his/her windows password and >proceed only if its valid

if this is correct and they are alrady authenticated to the server then they wont be asked for user/pass as the server can already distinguish who it is!!!

 

by: kiranghagPosted on 2004-02-07 at 22:09:23ID: 10302195

nazir,
>>Enabling Basic authentication does not automatically configure your Web server to
>>authenticate users. Windows user accounts must be created and the NTFS
>>permissions properly set, as described earlier

i think i am clearly telling that i want to use integrated auth. i have explicitely deselected basic authentication.

>>To properly authenticate users with Basic authentication, the Windows user accounts
>>being used for Basic authentication must have Log On Locally user rights. This right
>>must be assigned because

using the local security policy editor, i added the domain users to allow local login right. but the checkbox "log on locally" is not available next to it.

whenever a domain user tries to log in, the error "your account prevents you to log on locally" appears...

 

by: kiranghagPosted on 2004-02-08 at 02:04:08ID: 10302539

http://support.microsoft.com/default.aspx?kbid=160783
hey folks, the problem seems to be solved...
i had enabled "shutdown pc when security audit log fails" policy.
and while the pc was restarted, the win2k had bombed with a stop error and registry key was present in an unclean manner due to this.

i cleaned it according to the above kb art. and now i am able to log on using my windows login...
need to test it further. i'll post the details in a short while...

 

by: kiranghagPosted on 2004-07-02 at 22:56:25ID: 11461985

thanks for participating friends..

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...