Intranet Best Practice

Posted on 2012-08-13
Last Modified: 2012-08-13
We have a Intranet site I inherited that was set up with an anonomous access allowed.

I want to change that to Windows Authentication only.

Our network is outsourced.

So I don't look like a COMPLETE idiot...and at least ask "in the ballpark" questions.

When I set IIS to Windows Auth
I've already added Domain Users to the Web Folder Security
If I place this in the page_load I can use it
 Session("un") = Environment.GetEnvironmentVariable("USERNAME").ToString()

Some users when they first go to the page get a popup window asking for username and password (Windows)

What's with that?

And what should my process be?
Question by:lrbrister
    LVL 9

    Expert Comment

    Off the top of my head, I'd say that those people who are getting prompted are connecting to it with a full url like and those who are not getting prompted are connecting to http://intranet by itself.  As soon as you include a "." in the URL, the integrated authentication is ignored and you're forced to enter your password.

    Author Comment

    So I had the network guys set things up so I could use a host header in the IIS called usMan

    So the actual url is now http://usMan/thePage.aspx

    When the person sent me the compalint I saw that is was a saved "Favorites" using the ipaddress

    That's what you're talking about, right?
    LVL 9

    Accepted Solution

    Exactly... Anyone going to http://usMan/thePage.aspx should be fine, but the link forces the browser to assume that you're looking at an external site and won't transmit the integrated authentication information.  So you can test that from your own browser with both addresses to see it happen.

    We have the same problem at my company and the users just don't get it... from their viewpoint it's the same site - they always forget to use the short version.
    LVL 4

    Expert Comment

    I don't believe that's what he meant, is a IP address...the dots mean something ekse..they probably didn't set up DNS for translation to a real name like usMan.

    When he meant by "." I think he was referring to when there is a . it means it's a domain like But he can clarify on that if he means something else.

    Author Comment

    Originally a buch of pages were login or any control at all..and a link to the page was sent to whoever needed the data

    All the links started with the IP address.

    I had the record set up so usMan was directed to that IP.

    There are a bunch of pages whith Lord knows who having access and I have to get control of this.

    While I usually use a login form with username and password, management wants everyone to be able to use domain security and I assign page access based on their group from the Active Directory Group Policy.

    So...step one (I think) is making sure that I get rid of all those "Favorites" and require them to use the url

    Author Closing Comment

    Didn;t see your post before I made my last comment.
    LVL 9

    Expert Comment

    by:WebDevEM may explain it better than I can... if I understand the original question right, the same site will work fine for some people but prompt others for credentials.  In my experience, this happened when people would enter either the full or - either way it includes a period so it triggers the prompt.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Suggested Solutions

    Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
    Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    731 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now