• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 507
  • Last Modified:

Using Integrated Windows authentication with a Login Box

We need to use integrated windows authentication on our website for some users, but we want all users to be challenged by a login box like the one that is used by digest authentication.  Is there a way to do this?
0
jimmydea
Asked:
jimmydea
  • 3
  • 3
  • 2
5 Solutions
 
Ted BouskillSenior Software DeveloperCommented:
When you use Windows Authentication, IE will automatically try to log on any user who is on a client computer that belongs to the same domain as the server web site.  So, if you're users are in 'domain.com' and the website is 'www.domain.com' IE will automatically log them in.   To be honest, that is a great security feature because the less often the user types their password it lowers the chance of a keyboard logger capture the password.  For example, 'clickjacking' will only work after a user has logged on.

If you want to always show this dialog, then you need to change the IE default settings using Group Policy objects.
0
 
cj_1969Commented:
If you are using Windows Integrated Authentication why do you need a login box?
If a user is not a member of the domain, or the credentials they are logged into the work station with do not authenticate then they will get either an access denied or the login box.  But if they have permission to access the page then they will be let in.

So, back to the initial question ... why the login box requirement?  If we know this we might be able to come up with some other suggestions that you can implement.
0
 
jimmydeaAuthor Commented:
Because that's what the boss wants.  I know it sounds dumb, and I have explained this to him for over a week, but thats what he wants.
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
jimmydeaAuthor Commented:
Tedbilly, what setting in IE
0
 
cj_1969Commented:
Take a look a this ... this might allow you to do what you need to do ...
http://support.microsoft.com/kb/326340
0
 
Ted BouskillSenior Software DeveloperCommented:
I'm not a Group Policy Object expert so I can't help with the details, however I know that these settings can be automatically managed when users log on.  It would automatically turn off the automatic logging.

If you want to test it yourself, go to the 'Security' tab in IE options, then select the 'Local Intranet' zone and turn off automatica logon.  Do the same for 'Trusted Sites'.  That will force the dialog to show all the time.
0
 
jimmydeaAuthor Commented:
No longer an issue, thanks for help
0
 
Ted BouskillSenior Software DeveloperCommented:
Even if the issue is resolved, we answered your question and points should be awarded.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now