Solved

Integrated Windows authentication is not working in IE

Posted on 2008-10-22
5
1,885 Views
Last Modified: 2012-05-05
We have an intranet.  To control access to it, we use cheap IIS integrated windows authentication.  When going to the address -- 10.18.10.100/employee_intranet -- Firefox users get a login prompt.  When IE users go to that address, they immediately receive my custom unauthorized page.  What can I do to fix this?
intranet.jpg
0
Comment
Question by:mrcoulson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 37

Expert Comment

by:meverest
ID: 22784588
Hi,

probably those IE users are logged in to a domain that does not have rights to the web content.

try disabling windows auth and enable only basic auth.

Cheers.
0
 

Author Comment

by:mrcoulson
ID: 22785119
But doesn't basic authentication send only with clear text?  I don't know if I want our user's passwords flying around the internet like that.
0
 
LVL 37

Expert Comment

by:meverest
ID: 22791342
Yes,

generally, if you want security at all, then you will want to use ssl to encrypt your access credentials - ALL of them, even windows integrated.

Cheers.
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 22793285
Use a fully qualified domain name for the website that matches the client computers domain. Then IE will recognize the site as a 'Local Intranet' site and log in automatically.

Otherwise add the site in the 'Trusted Sites' zone and set 'Automatic Login' for trusted sites.

Don't use SSL for your intranet (too much overhead) and you are correct, Basic Authentication isn't secure and adding SSL to compensate is overkill.

By the way, to setup auto login in FireFox type 'about:config' in the address bar.  Then in the Filter text box type 'NTLM' and some options will show up.  There is one you can add trusted domains to automatically log in.
0
 

Accepted Solution

by:
mrcoulson earned 0 total points
ID: 23102140
I just told IIS to reject all except a range of IP addresses which match our internal network and some remote sites.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

First of all, clustering IIS is something you should rarely consider doing. In almost all cases, Microsoft Network Load Balancing (NLB) (http://technet.microsoft.com/en-us/library/cc758834(WS.10).aspx) is a much better solution when you need to p…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question