skykingjwc
asked on
Is it possible to set up IIS7 Windows Authentication so that users inside the domain using IE will not see a password prompt?
I have a folder on our IIS7 server that should only be acessible by domain users. While they are inside the building and logged into the domain I would like them to be able to browse to this folder without being bothered by the password prompt. Is there a way to have IIS use the id of the currently logged in user?
I would also like them to be able to access the folder from outside the network (from home) in this case a password prompt is acceptable.
I would also like them to be able to access the folder from outside the network (from home) in this case a password prompt is acceptable.
ASKER
I already tried that and it still pops up the box asking for a password.
I am doing this from inside the buildings while logged into the domain. Our server is on our internal network and is also a domain member.
When I type in my domain credientials it lets me in, but I would like to be able to skip this if I am already logged in.
I am doing this from inside the buildings while logged into the domain. Our server is on our internal network and is also a domain member.
When I type in my domain credientials it lets me in, but I would like to be able to skip this if I am already logged in.
Just wondering, Is anonymous access turned off? I know you can have both anonymous and integrated turned on at the same time.
Since IE will attempt anonymous first, it may be prompting because anonymous does not have access.
Since IE will attempt anonymous first, it may be prompting because anonymous does not have access.
ASKER
Anonymous authentication is off, if i turn it on everyone can get it because the anonymous user is the ASP.NET user.
My current settings are
Anonymous Auth : Off
ASP.NET Impersonation : On
Basic Auth: Off
Forms Auth: Off
Windows Auth: Enabled
My current settings are
Anonymous Auth : Off
ASP.NET Impersonation : On
Basic Auth: Off
Forms Auth: Off
Windows Auth: Enabled
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
A bit late probably, but you should be aware that supplying domain credentials across the Internet is a *BAD THING*, as these will be sent plain text!
If you have to then use SSL to encrypt at least the web-facing connections (enable both HTTP and HTTPS on the server, but only allow incoming Port 443 through the external firewall).
If you have to then use SSL to encrypt at least the web-facing connections (enable both HTTP and HTTPS on the server, but only allow incoming Port 443 through the external firewall).
This is all assuming that the server you have this hosted on is available to outside users.