How to make IIS pickup Windows Authentication properly.

Hi there.
I have a site which if accessed by our company domain name with a sub domain prefix it  passes across our firewall to an internal server and requests basic authentication.  Fine so far.
Internally if I access the site by its server name I get windows authentication and the site comes up without a challenge.
But if I access the site internally using our domain with the sub domain prefix it challenges for basic authentication.
I have added a DNS rule so using the domain internally does now go to the server without going out of the company (or at least I think it isn't, tracert'ing the name internally reveals a direct hop to the server i.p)
So I am guessing there is another step I need to complete to allow my IIS server to be happy that the user connecting is internal?
Hopefully that's clear enough , if I'm missing something please advise.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

To my knowledge, this isn't an IIS thing, it's a matter of how the browser treats resource you're trying to reach.  Just looking at IE, with default settings Windows Authentication will only be used for sites that it detects as intranet sites (generally single-label names).  You can edit the sites that are part of the intranet zone and just add the FQDN of the site.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dgloverukAuthor Commented:
Ah ok, my internet explorer is set to detect intranet sites and picks up servers as addresses fine in this way, I take it I can't dupe IE into treating a website like this? assuming I cannot, I presume any policy I make to add the domain to the intranet sites for IE I would also need to do for Chrome which is also used internally?
I am wondering if there is something I could do on IIS or in my .net application which could influence this and do a response.redirect to the server name so that users could enter the friendly url but end up on the right URL.
Perhaps this should become a .net question therefore?
Yes, there are different settings to do the same on Firefox (have to go into about:config) and Chrome.
There's no way I know of besides adding in the name to the list of sites to make IE treat a specific FQDN or URL as part of the intranet zone.  If there's a way to influence this on the server side, I've never heard of it.
dgloverukAuthor Commented:
I had an idea to do a response.redirect to the internal URL based on trying to detect something about the user which might indicate they were an internal network member which would then cause windows authentication from the automated IE detection but I could not determine how to prevent the challenge response before this was discovered, so I am withdrawing on this one.  Thank you footech for your help!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.