Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

SharePoint 2010 external users required to enter domain name

Posted on 2016-11-04
16
53 Views
Last Modified: 2016-11-12
I've seen this question asked many places, but no definitive answers.

I have a SharePoint web application that is configured for external users to connect to.  It is using basic authentication with SSL.  The default domain is set.

If I use Chrome or firefox I can use only my username and password to authenticate.  However, IE requires the domain name to authenticate.

I've seen many answers that say this is by design, however is there any way around this?  Custom forms based auth my only option?
0
Comment
Question by:delmarvamonkey
  • 8
  • 8
16 Comments
 
LVL 17

Expert Comment

by:Walter Curtis
ID: 41875393
This is difficult to troubleshoot because although the information is good, it does not fit together. Here are a few questions to help me understand:

How is the web application configured for external users? How is that different from the internal users?

It pass through authentication enabled in the browsers? Is it possible that IE has a GPO applied so that it does not allow pass through?

You mention you are thinking about FBA, what are you using now? Windows Authentication?

Thanks
0
 

Author Comment

by:delmarvamonkey
ID: 41877457
Hello,

The web application authentication is Basic authentication over ssl.

The browsers that are being used are being used by external customers, so we can't control how they are configured.  However, default chrome/firefox can login without supplying the domain.

I was thinking over using FBA.  Internally we use Windows auth and have no issues.
0
 

Author Comment

by:delmarvamonkey
ID: 41877459
I should also mention they use IE.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 17

Expert Comment

by:Walter Curtis
ID: 41877668
Your external users have an Active Directory account?
0
 

Author Comment

by:delmarvamonkey
ID: 41877720
No, we have external customers that login to our environment.  They have their own "unknown" domains.
0
 
LVL 17

Expert Comment

by:Walter Curtis
ID: 41877730
What are they authenticating against. They enter a user name and password. What mechanism says "yes, that is correct let them in" or  "no, incorrect information, access denied". What is the authentication provider?
0
 

Author Comment

by:delmarvamonkey
ID: 41877733
Active directory.  IIS auth is basic over SSL.
0
 
LVL 17

Expert Comment

by:Walter Curtis
ID: 41877746
Sorry, we have a disconnect in terminology I think. I asked if your external users have an Active Directory account, and the answer is no. I then ask how do they authenticate, and you answer Active Directory.

Has nothing to do with Basic Auth over SSL, has to do with what is the Authentication Provider. The authenticating method, protocol, is something different. Not sure what a solution could be because not sure yet what the problem is.

Good luck...
0
 

Author Comment

by:delmarvamonkey
ID: 41877771
Sorry, let me clarify.  They have internal AD accounts, but they are on external environments / domains.
0
 
LVL 17

Expert Comment

by:Walter Curtis
ID: 41877783
Okay, now I see.

I agree somewhat with your original post about the behavior being per design. I have used basic auth over the internet very seldom, probably never in production just for testing because of the security risks. I know there is the SSL layer there, but still something to consider. If you were to switch to AD (Windows Integrated) authentication in IIS the external users would have to enter in the domain name, but your internal users would not need to enter the domain name provided that they are logged in to the same domain that SharePoint is located in. You could even set the browser settings for your internal users so that pass through auth is used. That would be a kind of a trade off.

There is also the possibility to use a web application extension and have two different auth providers, one for internal and a different method for external that you may want to consider, but that is a different topic.

Hope that helps...
0
 

Author Comment

by:delmarvamonkey
ID: 41877806
Actually that's how I have it set up.

The web application is extended:

1.  Internal users use windows auth
2. External users use basic auth over SSL.

Everything is fine for internal users.

External users have to enter domain name.  But not if they use chrome.

When I say external users, I mean, they are using an internal AD account, but are connecting from an external domain over the internet.
0
 
LVL 17

Expert Comment

by:Walter Curtis
ID: 41877816
External users have to enter domain name.  But not if they use chrome.

Makes it sound like your set up is fine. Their IE browsers must be set up for pass through auth, therefore when they connect to any site, be it external or internal for them, their browsers are using their domain name, which is not yours. So they have to enter in your domain name.

As you mention, you can't control their browser, so you might not be able to do anything on this but to recommend to them to not use pass through auth in IE, which they probably won't want to do.
0
 

Author Comment

by:delmarvamonkey
ID: 41877820
The reason I asked was because I wanted to make sure I wasn't missing something.  That's what I thought.

So I will go toward FBA.
0
 
LVL 17

Accepted Solution

by:
Walter Curtis earned 500 total points
ID: 41877825
Maybe review this as part of your considerations for going FBA.

https://www.experts-exchange.com/questions/28261580/Sharepoint-2013-FBA.html

Hope that helps...
0
 

Author Closing Comment

by:delmarvamonkey
ID: 41877840
Answer accepted.
0
 
LVL 17

Expert Comment

by:Walter Curtis
ID: 41877844
Thanks
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Pimping Sharepoint 2007 without Server-Side Code Part 1 One of my biggest frustrations with Sharepoint 2007 in the corporate world is that while good-intentioned managers lock down the more interesting capabilities of Sharepoint programming in…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question