We help IT Professionals succeed at work.

IIS Login integration in INtranet?

khurram007
khurram007 asked
on
390 Views
Last Modified: 2008-02-28
I am working on the Intranet of my Company. For login security, I am told to integrate IIS Login in Intranet?. Can anyone told me how to do this???

500 globes for the solution...

Khurram.
Comment
Watch Question

Open Up the IIS console (You can easily access it by Typing in inetmgr in the Run command line or from the programs list)
Choose the Site/Virtual directory for which Integrated Windows Authentication is to be enabled.
Right Click on the site and choose the properties tab
Select the Directory Security Tab
Uncheck the 'Anonymous Access' Option.
Check the 'Integrated Windows Authentication' Option
Click OK
Click Apply and colse the IIS Console


For more information on authentication methods.. refer.. http://www.winnetmag.com/Web/Article/ArticleID/15843/15843.html

Cheers!!

Commented:
If you want them to avoid having to login to the site as well then they will have to check 'Automatic Login in Intranet Zone' as well under the security custom button of IE.

In addition the server will need to be connected to a domain control that holds the users accounts or can chain on to them.

Steve

Author

Commented:
Well, what should I have to do in the coding department other than enabling security in IIS???

Khurram

Commented:
Assuming that you have no login stuff within your site (ie a username password system that doesn't use the Windows Password system) then you have nothing else to do.

Steve

Author

Commented:
I have tried to access the application from a parallel pc in my domain, and it accessed the default page easily without needing any authentication :(

Khurram

Commented:
Assuming that you have the 'Automatic Login in Intranet Zone' with the browser checked its because you are already logged into the domain and therefore do not need to re-authenticate as it knows who you are.

If this is not the case then possibly you need to restart IIS and conceivably clear the cache on the browser. This latter course of action isn't to resolve a problem with the set up but because there is a bug in IE that causes a page to be cached and no head request is ever sent to established if it is still to be used so it redisplays the page from cache without reference to the server.

HTH
Steve

Author

Commented:
Can u guide me what should I do to check whether the security is applicable or not??? after all I need to test it, and display the function working...

Khurram

Commented:
OK first to prove to your self that it is working: create a page on the server that looks like the one below and point you browser to it.

<html><BODY>
<TABLE border="1">
<%
for each field in request.servervariables
response.write( "<TR><TH align=left valign=top>"&field&"</TH><TD valign=top>"&request.servervariables(field)&"&nbsp;</TD></TR>")
next
%>
</TABLE>
</body>
<HTML>

If you have been authenticated then the variable LOGON_USER will have you username in it.

Next to prove it to someone else go to a PC and turn off the 'Automatic Login in Intranet Zone' and reboot the PC. When you connect to the site you should be prompted for the username and password.

Alternatively if it is possible to log off your domain, for example by creating a local account and then accessing your server by IP address, you again should be prompted for the username and password.

HTH
Steve

Author

Commented:
Can u tell me how to turn off the 'Automatic Login in Intranet Zone' ???

Khurram
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Nice Job Mouatts...

Keep it up!!!

Here r ur 500 globes...

Khurram
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.