Passing User ID and Password to another IIS Box

I have a website that acts as the company extranet as well as a portal for our users to access their employee information. When clicking on the Employees link they are required to put in their network user name and password. Once authenticated they can browse their employee information. There is a link they can click on once logged in that will take them to their OWA, but OWA is on the Exchange server on another box. When the user clicks on that link they are required to put in their user name and password again.

Is there a way around that? Can I configure the IIS boxes to share the user name and password? Both boxes are in the same domain and are located on the same subnet and all that. Users would like to be able to log in once while inside the firewall and using a computer outside the network, like their laptop or home machine.

Thanks!
simplemojoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

meverestCommented:
Hi,

you need to think about http protocol to understand why that happens.  every request from a web server is essentially an independent interaction between the given client and the server.  the only way that a server even knows that a request is part of an active 'session' (i.e. the user has previously logged in to access content) is by setting a cookie in the client browser, then the client sends that cookie with each subsequent request to the server.

that cookie, of course, is only ever valid on that server, and is effectively non-transferrable (in fact irrelevant) on any other server.

therefore, any logged-in session on the web site has no relevance to the OWA server.

there are work-arounds, of course, that involve shared access to session information between multipke web servers in a central data store, and then use of a 'token' in the url to reference the relevant session.

these schemes, however, are generally proprietry to teh specific web application, and I don't think that OWA supports such a scheme.

Cheers.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Browsers

From novice to tech pro — start learning today.