[Webinar] Streamline your web hosting managementRegister Today

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 476
  • Last Modified:

Intranet Best Practice

We have a Intranet site I inherited that was set up with an anonomous access allowed.

I want to change that to Windows Authentication only.

Our network is outsourced.

So I don't look like a COMPLETE idiot...and at least ask "in the ballpark" questions.

When I set IIS to Windows Auth
I've already added Domain Users to the Web Folder Security
If I place this in the page_load I can use it
 Session("un") = Environment.GetEnvironmentVariable("USERNAME").ToString()

Some users when they first go to the page get a popup window asking for username and password (Windows)

What's with that?

And what should my process be?
  • 3
  • 3
1 Solution
Off the top of my head, I'd say that those people who are getting prompted are connecting to it with a full url like http://intranet.xyz.com and those who are not getting prompted are connecting to http://intranet by itself.  As soon as you include a "." in the URL, the integrated authentication is ignored and you're forced to enter your password.
lrbristerAuthor Commented:
So I had the network guys set things up so I could use a host header in the IIS called usMan

So the actual url is now http://usMan/thePage.aspx

When the person sent me the compalint I saw that is was a saved "Favorites" using the ipaddress

That's what you're talking about, right?
Exactly... Anyone going to http://usMan/thePage.aspx should be fine, but the link forces the browser to assume that you're looking at an external site and won't transmit the integrated authentication information.  So you can test that from your own browser with both addresses to see it happen.

We have the same problem at my company and the users just don't get it... from their viewpoint it's the same site - they always forget to use the short version.
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

I don't believe that's what he meant, is a IP address...the dots mean something ekse..they probably didn't set up DNS for translation to a real name like usMan.

When he meant by "." I think he was referring to when there is a . it means it's a domain like intranet.xyz.com. But he can clarify on that if he means something else.
lrbristerAuthor Commented:
Originally a buch of pages were created...no login or any control at all..and a link to the page was sent to whoever needed the data

All the links started with the IP address.

I had the record set up so usMan was directed to that IP.

There are a bunch of pages whith Lord knows who having access and I have to get control of this.

While I usually use a login form with username and password, management wants everyone to be able to use domain security and I assign page access based on their group from the Active Directory Group Policy.

So...step one (I think) is making sure that I get rid of all those "Favorites" and require them to use the url
lrbristerAuthor Commented:
Didn;t see your post before I made my last comment.
http://support.microsoft.com/kb/258063 may explain it better than I can... if I understand the original question right, the same site will work fine for some people but prompt others for credentials.  In my experience, this happened when people would enter either the full http://intranet.xyz.com or - either way it includes a period so it triggers the prompt.

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now