IIS Windows Authentication doesn't authenticate properly with alias
I have a web app (ESI WebEOC) residing on an IIS server called oeppoim. It is invoked by typing http://oeppoim/webeocapp. An alias was created in Active Directory that's called webeoc. To invoke the app through the alias we type http://webeoc.us.house.gov/webeocapp. Both worked fine. Then we installed a single sign-on add-on that required we disable Anonymous Authentication. Only Windows Authentication is enabled in IIS. Http://oeppoim/webeocapp still works great. However, now when we type http://webeoc.us.house.gov/webeocapp, the Windows OS prompts us for credentials. We have to specify the domain with the userID (US\user1), because otherwise it defaults to the local server, oeppoim. Once we enter credentials, it goes to the app, as it should. I can no longer dup the problem on my machine - after invoking oeppoim, entering credentials when prompted (after typing webeoc.us.house.gov), it seems something is cached, and both work fine. However, all our other users have the same problem. Does the alias have to somehow be configured in IIS now that only Win authentication is enabled? The alias resolves just fine - I can ping it and it returns the server ip address.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
From what i can gather you are asking why
http://oeppoim/webeocapp. (Does NOT prompt)
http://webeoc.us.house.gov/webeocapp (Does Prompt)
this is because "oeppoim" is not a fully qualified domain name and allows the client computer to send network credentials
but "webeoc.us.house.gov" IS as fully qualified domain name and for all the client knows it could be anywhere in the world, even if it is on the local LAN its treat like it isnt and asks the user to specify credentials
its simply a preventative measure to stop the client from sending their credentials without their knowledge
http://oeppoim/webeocapp. (Does NOT prompt)
http://webeoc.us.house.gov/webeocapp (Does Prompt)
this is because "oeppoim" is not a fully qualified domain name and allows the client computer to send network credentials
but "webeoc.us.house.gov" IS as fully qualified domain name and for all the client knows it could be anywhere in the world, even if it is on the local LAN its treat like it isnt and asks the user to specify credentials
its simply a preventative measure to stop the client from sending their credentials without their knowledge
Does this mean we should be able to access via http://webeoc/webapp (since we aren't entering the fully qualified credentials? How would I enable users to access it using the webeoc alias? Thanks - your explanation is a great help
Premium Content
You need an Expert Office subscription to comment.Start Free Trial