David Glover
asked on
How to make IIS pickup Windows Authentication properly.
Hi there.
I have a site which if accessed by our company domain name with a sub domain prefix it passes across our firewall to an internal server and requests basic authentication. Fine so far.
Internally if I access the site by its server name I get windows authentication and the site comes up without a challenge.
But if I access the site internally using our domain with the sub domain prefix it challenges for basic authentication.
I have added a DNS rule so using the domain internally does now go to the server without going out of the company (or at least I think it isn't, tracert'ing the name internally reveals a direct hop to the server i.p)
So I am guessing there is another step I need to complete to allow my IIS server to be happy that the user connecting is internal?
Hopefully that's clear enough , if I'm missing something please advise.
I have a site which if accessed by our company domain name with a sub domain prefix it passes across our firewall to an internal server and requests basic authentication. Fine so far.
Internally if I access the site by its server name I get windows authentication and the site comes up without a challenge.
But if I access the site internally using our domain with the sub domain prefix it challenges for basic authentication.
I have added a DNS rule so using the domain internally does now go to the server without going out of the company (or at least I think it isn't, tracert'ing the name internally reveals a direct hop to the server i.p)
So I am guessing there is another step I need to complete to allow my IIS server to be happy that the user connecting is internal?
Hopefully that's clear enough , if I'm missing something please advise.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes, there are different settings to do the same on Firefox (have to go into about:config) and Chrome.
There's no way I know of besides adding in the name to the list of sites to make IE treat a specific FQDN or URL as part of the intranet zone. If there's a way to influence this on the server side, I've never heard of it.
There's no way I know of besides adding in the name to the list of sites to make IE treat a specific FQDN or URL as part of the intranet zone. If there's a way to influence this on the server side, I've never heard of it.
ASKER
I had an idea to do a response.redirect to the internal URL based on trying to detect something about the user which might indicate they were an internal network member which would then cause windows authentication from the automated IE detection but I could not determine how to prevent the challenge response before this was discovered, so I am withdrawing on this one. Thank you footech for your help!
ASKER
I am wondering if there is something I could do on IIS or in my .net application which could influence this and do a response.redirect to the server name so that users could enter the friendly url but end up on the right URL.
Perhaps this should become a .net question therefore?