Can I setup an extranet website in IIS using Windows authentication?

I'm working on a new web application.  Users will be logging in sometimes on the domain pc and sometimes from their mobile device that is not on the network domain.  Can I configure this in IIS (7.5) for this web application/site to be a Windows Authentication app?  I mean, will it still work when user navigates to the web site using their mobile device and still be asked to enter their Windows' credential and be authenticated?

Also, is there an option in this Window's Login dialog, a checkbox, to remember the credential with?  

Thank you.
lapuccaAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
To the first yes you can, the user from a non-domain will be prompted for credentials.

Windows login you mean onto a system?
There is no check box option there, there is a way to configure a system to auto login as a user.

Please explain what windows login prompt do you mean.
0
lapuccaAuthor Commented:
The windows log I meant is when you enable the "Windows Authentication" in IIS (7.5 is ours), for the web application, the IIS will display a login dialog asking users for their userid and password that's their domain account or windows account.  
Thank you.
0
arnoldCommented:
There is no way to enable remember me in that dialogue.

You could code your application to prompt for user login using AD authentication at which point the login process will be totally under your applications control.
With using IIS windows authentication, the authentication to access is left to IIS.
It only answers does user have access? with a valid login, the user has, with an invalid, the user does not.

Depending on what it is the site/application does, have you considered having the user authentication be part of the application versus an IIS function?

Usually, remember me is handled by the site when the option is checked is to set a cookie on the client side that is checked when the user returns to see whether the cookie exists, its contents match the criteria and username is then extracted from the parameters and allowed in.
0
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

lapuccaAuthor Commented:
Arnold,
Thank you and that makes sense.  I knew about IIS is in charge and about the cookies but still appreciate you writing up the explanation.   The reason why I asked because of this screen shot at this article shows a option box for "Remember my credential" when it's set as "Digest Authentication" in IIS.  https://www.simple-talk.com/dotnet/asp.net/authentication-and-authorization-with-windows-accounts-in-asp.net/  
I also attached an image from that link.

I can setup a web application in IIS, and only enable the "Windows Authentication"  I thought that would set up the web application to be an Intranet.  But users can still see this site as a public website but just will be asked to enter windows credential for authentication.  So when and how does a web application gets set up as an Intranet?  Is it by IP limitation on IIS?
Thank you.
1268-Figure4.jpg
0
arnoldCommented:
I am uncertain whether that option is configurable or is presented under certain conditions I.e. In that type of an interface the info would be saved within the user's keys

Control keymgr.dll
This is one way a user can save external passwords.

Intranet site means it is only available internally. Usually the security consideration are more relaxed, when a site is externally accessible, the security consideration should be in accordance with the exposure and is no longer an intranet, it could be mixed through restriction of pages/sections, but restrictions are not fixed where a typo, error could expose those section.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
lapuccaAuthor Commented:
Thank you.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.