Solved

IIS, domain prompt with authentication

Posted on 2002-03-21
7
397 Views
Last Modified: 2010-04-13
I'm confused.  I set up an IIS website in win2k adv. server.  I'm using windows authentication for the 'members' area of my site.  When the username/password prompt pops up, there is a 'Domain' field.  My server is not set up as a Domain controller and I didn't give it a default domain.  The server thinks it's name is "Server1." with no default domain.  I can't authenticate the users of my members group because there is no domain for my local machine.  All the domain stuff is taken care of in DNS and virtual directories.  I don't even WANT my server to have a default domain.  Is there a way to bypass the domain field in the username/password prompt?  I don't even want it to show up.  Am I going to have to install Apache for Windows to accomplish what I'm trying to do?  I HOPE NOT!  Thanks.
0
Comment
Question by:GorGor1
  • 3
  • 3
7 Comments
 
LVL 17

Expert Comment

by:mikecr
ID: 6887433
What operating system is giving you that prompt? Normally only Windows 2K/XP will do that. If a user hits your site and your using Windows Authentication on your site, you should have accounts set up on your server for each person. In Windows 95/98 a user will only get a two tiered screen for logon with his username and password. If they are running 2K or XP, they can be prompted for a domain logon depending on how there computer is set up. You should be able to bypass this because you don't need to put the domain name in, or, you can use the computer name in place of the domain name.
0
 
LVL 1

Author Comment

by:GorGor1
ID: 6887523
I had a friend of mine try to connect to the protected area and the domain field was there.  He's using win98.  It appears that win2k server controls the username/password prompt.  Does anyone know of a way to disable the 'Domain' field?
0
 
LVL 37

Accepted Solution

by:
meverest earned 50 total points
ID: 6887734
go into the IIS manager (MMC snap-in), right click on the web site, choose properties.

now select 'security' tab, click edit for anonymous access and authentication control, UNcheck 'integrated windows auth.

the domain box should disappear.

note that this will cause auth to be just plain text passwords.  if you want the nt challenge-response auth, then you will need to force the domain login. (if it is a standalone server, the domain will usually be just the server  name, maybe with a '0' [zero] at the end - like MYSERVER0\username)

cheers.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 1

Author Comment

by:GorGor1
ID: 6887771
Meverest, is using plain text authentication a security risk?  I was under the impression that it's a bad idea to use plain text.  It IS a solution, but is it a good solution?
0
 
LVL 37

Expert Comment

by:meverest
ID: 6887890
it's your call.

don't forget that even if the authentication control is encypted/secured, the actual data that is transferred back & forth throughout the entire session that follows.

the real benefit of windows challenge response is that even if someone captures the info during transit, they will not be able to (easily) capture the credentials to access directly themselves.

anyway, what about apache - probably the most popular web server in the world - it can't be too bad a security risk if the more web auths are plaintextthan not...

if you want *real* security, use SSL and don't rely on some proprietary auth scheme alone.

Cheers.
0
 
LVL 1

Author Comment

by:GorGor1
ID: 6890172
Thanks homie!  That helps!
0
 
LVL 37

Expert Comment

by:meverest
ID: 6892000
homie? ... wha?
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Are you unable to connect or configure Hotmail email account in Microsoft Outlook 2010, 2007? Or Outlook.com emails are not downloading to Outlook? Lets’ see the problem and resolve Outlook Connector error syncing folder hierarchy (0x8004102A).
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now