Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Win 2008 Website Authentication

Posted on 2009-05-06
12
Medium Priority
?
653 Views
Last Modified: 2013-12-04
We currently have a Win 2008 Standard Server setup for our websites and it's part of a domain and our AD for authentication. We have a few websites setup to only allow internal & authenticated people to access them. So in IIS7 for each of these websites under "Authentication" we have "Anonymous" disabled and "Basic Auth..." and "Win Auth..." enabled. The problem is when we try to access these websites on a PC using IE7 the browser is not able to login unless I enter my user name like "MyDomain\UserName" and my password. If I try to enter just "UserName" and password I get a "401 - Unauthorized: Access is denied due to invalid credentials."? But in FireFox it works fine just entering "UserName" and password no domain is required in the user name. Does anyone know how to resolve this? Any help is appreciated.

Thank you,

Mike
0
Comment
Question by:davisadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
12 Comments
 
LVL 37

Expert Comment

by:meverest
ID: 24324013
Hi,

disable 'windows auth' and use only 'basic auth' then IE will behave the same as firefox.

alternatively, if the local PC is logged on to the domain and the web site is in the IE 'trusted' zone, the user will not need to enter credentials at all (IE will use the logged on credentials automatically)

Cheers.
0
 

Author Comment

by:davisadmin
ID: 24326094
Hi meverest,

Thanks for your reply. Unfortunately our computers are not logging to the domain. They are stand alone since 95% of them are Macs. We only have a few PCs in the office and those are the ones that are having the problem. All Macs are able to login and authenticate using FireFox and Safari with no problems but the PCs that are using IE are the problem. I've tried what you suggested by disabling "Win Auth" and only having "Basic Auth" but now I can't login at all, not even with FireFox on both PC and Mac? Any other suggestions or configurations that I could try?

Thank you,

Mike
0
 

Author Comment

by:davisadmin
ID: 24326142
One thing I should mention is the Win 2008 server is not the domain control. It's part of the domain and the AD is not on this machine either. It's on another Win 2003 machine.

Mike
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 37

Expert Comment

by:meverest
ID: 24331222
Hi,

safari and firefox do not do windows auth, so there /should/ be no affect on their behavior from disabling windows auth.

do you have the default domain listed in the relevant field?

Cheers.
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 24332907
Meverest: We use only Windows authentication with Safari and Firefox in our site.  The only thing Safari doesn't support is automatic logon.

Have you tried disabling 'Basic Authentication' and only using 'Windows Authentication' which is essentially encrypted NTLM authentication?
0
 

Author Comment

by:davisadmin
ID: 24332920
I've tried removing "win auth" and only having "basic auth" but then FireFox doesn't work either? It's strange but it's really happening and I'm sure why. It's the same on PC and Mac.

Mike
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 24332927
I'll repeat my comment: "Have your tried disabling 'Basic Authentication' and only use 'Windows Authentication'?
0
 

Author Comment

by:davisadmin
ID: 24332937
tedbilly,

I've tried that as well but the problem is I don't want users to have to type "Domain\UserName". I would like them just to type "UserName" and their password to login. The strange thing is it works if I just use "UserName" + my password in the login with FireFox on both PC and Mac but if I try it with IE 7 it doesn't work. I have to put "Domain\UserName" + my password to login with IE 7. What is the difference that it works with FF but not IE?

Mike
0
 
LVL 51

Assisted Solution

by:Ted Bouskill
Ted Bouskill earned 248 total points
ID: 24333281
Sorry, but I don't think there is a viable solution.  The implementations are all too different.  Only a cookie based form authentication system would give you consistent results.
0
 
LVL 37

Accepted Solution

by:
meverest earned 252 total points
ID: 24343957

>> What is the difference that it works with FF but not IE?

hey - my comment above:

> safari and firefox do not do windows auth, so there /should/ be no affect on their behavior from disabling windows auth.

that is the difference.  IE is 'smart' (that's 'smart' with a capital Microsoft) so it is IIS-aware.

if the IE is logged in to some domain (even local machine) then it will probably try to send "computername\username" every time.

Take a look at the web server log files to see what the actual username passed is.  Also, you can use fiddler (www.fiddlertool.com) to inspect the http headers and see what username IE is sending.

Cheers!
0
 

Author Comment

by:davisadmin
ID: 24344648
Meverest,

Thanks for your reply. I did some tests with the following combination:

Test 1) Enabled "Win Auth" and "Basic Auth" both FF 3.x and IE 7 work, but for IE 7 I have to put "Domain\UserName" but for FF I only have to enter "UserName".

Test 2) Enabled "Basic Auth" and disabled "Win Auth" both work but I have to enter "Domain\UserName" for both FF and IE to be able to login. Where in test 1 above for FF I only had to enter "UserName" to login.

Test 3) Enabled "Win Auth" and disabled "Basic Auth" both FF and IE work. For IE I still have to enter "Domain\UserName" but for FF I only have to enter "UserName"

To conclude Tedbilly is correct. There is no other way but to do a form authentication. I will have to run this by other IT people here to see what they want to do.

Thank you to all who gave their input.

Mike
0
 
LVL 37

Expert Comment

by:meverest
ID: 24346768
OK - but it works OK for me.

Did you try using a protocol analyser (i.e. fiddlertool.com) to check what username IE is passing to your web server?  If you know exactly what it is doing, then that should give you at least some better understanding of what is going on.

Cheers!
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question