Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 657
  • Last Modified:

Win 2008 Website Authentication

We currently have a Win 2008 Standard Server setup for our websites and it's part of a domain and our AD for authentication. We have a few websites setup to only allow internal & authenticated people to access them. So in IIS7 for each of these websites under "Authentication" we have "Anonymous" disabled and "Basic Auth..." and "Win Auth..." enabled. The problem is when we try to access these websites on a PC using IE7 the browser is not able to login unless I enter my user name like "MyDomain\UserName" and my password. If I try to enter just "UserName" and password I get a "401 - Unauthorized: Access is denied due to invalid credentials."? But in FireFox it works fine just entering "UserName" and password no domain is required in the user name. Does anyone know how to resolve this? Any help is appreciated.

Thank you,

Mike
0
davisadmin
Asked:
davisadmin
  • 5
  • 4
  • 3
2 Solutions
 
meverestCommented:
Hi,

disable 'windows auth' and use only 'basic auth' then IE will behave the same as firefox.

alternatively, if the local PC is logged on to the domain and the web site is in the IE 'trusted' zone, the user will not need to enter credentials at all (IE will use the logged on credentials automatically)

Cheers.
0
 
davisadminAuthor Commented:
Hi meverest,

Thanks for your reply. Unfortunately our computers are not logging to the domain. They are stand alone since 95% of them are Macs. We only have a few PCs in the office and those are the ones that are having the problem. All Macs are able to login and authenticate using FireFox and Safari with no problems but the PCs that are using IE are the problem. I've tried what you suggested by disabling "Win Auth" and only having "Basic Auth" but now I can't login at all, not even with FireFox on both PC and Mac? Any other suggestions or configurations that I could try?

Thank you,

Mike
0
 
davisadminAuthor Commented:
One thing I should mention is the Win 2008 server is not the domain control. It's part of the domain and the AD is not on this machine either. It's on another Win 2003 machine.

Mike
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
meverestCommented:
Hi,

safari and firefox do not do windows auth, so there /should/ be no affect on their behavior from disabling windows auth.

do you have the default domain listed in the relevant field?

Cheers.
0
 
Ted BouskillSenior Software DeveloperCommented:
Meverest: We use only Windows authentication with Safari and Firefox in our site.  The only thing Safari doesn't support is automatic logon.

Have you tried disabling 'Basic Authentication' and only using 'Windows Authentication' which is essentially encrypted NTLM authentication?
0
 
davisadminAuthor Commented:
I've tried removing "win auth" and only having "basic auth" but then FireFox doesn't work either? It's strange but it's really happening and I'm sure why. It's the same on PC and Mac.

Mike
0
 
Ted BouskillSenior Software DeveloperCommented:
I'll repeat my comment: "Have your tried disabling 'Basic Authentication' and only use 'Windows Authentication'?
0
 
davisadminAuthor Commented:
tedbilly,

I've tried that as well but the problem is I don't want users to have to type "Domain\UserName". I would like them just to type "UserName" and their password to login. The strange thing is it works if I just use "UserName" + my password in the login with FireFox on both PC and Mac but if I try it with IE 7 it doesn't work. I have to put "Domain\UserName" + my password to login with IE 7. What is the difference that it works with FF but not IE?

Mike
0
 
Ted BouskillSenior Software DeveloperCommented:
Sorry, but I don't think there is a viable solution.  The implementations are all too different.  Only a cookie based form authentication system would give you consistent results.
0
 
meverestCommented:

>> What is the difference that it works with FF but not IE?

hey - my comment above:

> safari and firefox do not do windows auth, so there /should/ be no affect on their behavior from disabling windows auth.

that is the difference.  IE is 'smart' (that's 'smart' with a capital Microsoft) so it is IIS-aware.

if the IE is logged in to some domain (even local machine) then it will probably try to send "computername\username" every time.

Take a look at the web server log files to see what the actual username passed is.  Also, you can use fiddler (www.fiddlertool.com) to inspect the http headers and see what username IE is sending.

Cheers!
0
 
davisadminAuthor Commented:
Meverest,

Thanks for your reply. I did some tests with the following combination:

Test 1) Enabled "Win Auth" and "Basic Auth" both FF 3.x and IE 7 work, but for IE 7 I have to put "Domain\UserName" but for FF I only have to enter "UserName".

Test 2) Enabled "Basic Auth" and disabled "Win Auth" both work but I have to enter "Domain\UserName" for both FF and IE to be able to login. Where in test 1 above for FF I only had to enter "UserName" to login.

Test 3) Enabled "Win Auth" and disabled "Basic Auth" both FF and IE work. For IE I still have to enter "Domain\UserName" but for FF I only have to enter "UserName"

To conclude Tedbilly is correct. There is no other way but to do a form authentication. I will have to run this by other IT people here to see what they want to do.

Thank you to all who gave their input.

Mike
0
 
meverestCommented:
OK - but it works OK for me.

Did you try using a protocol analyser (i.e. fiddlertool.com) to check what username IE is passing to your web server?  If you know exactly what it is doing, then that should give you at least some better understanding of what is going on.

Cheers!
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now