SharePoint 2010 external users required to enter domain name

I've seen this question asked many places, but no definitive answers.

I have a SharePoint web application that is configured for external users to connect to.  It is using basic authentication with SSL.  The default domain is set.

If I use Chrome or firefox I can use only my username and password to authenticate.  However, IE requires the domain name to authenticate.

I've seen many answers that say this is by design, however is there any way around this?  Custom forms based auth my only option?
delmarvamonkeyAsked:
Who is Participating?
 
Walter CurtisConnect With a Mentor SharePoint AEDCommented:
Maybe review this as part of your considerations for going FBA.

https://www.experts-exchange.com/questions/28261580/Sharepoint-2013-FBA.html

Hope that helps...
0
 
Walter CurtisSharePoint AEDCommented:
This is difficult to troubleshoot because although the information is good, it does not fit together. Here are a few questions to help me understand:

How is the web application configured for external users? How is that different from the internal users?

It pass through authentication enabled in the browsers? Is it possible that IE has a GPO applied so that it does not allow pass through?

You mention you are thinking about FBA, what are you using now? Windows Authentication?

Thanks
0
 
delmarvamonkeyAuthor Commented:
Hello,

The web application authentication is Basic authentication over ssl.

The browsers that are being used are being used by external customers, so we can't control how they are configured.  However, default chrome/firefox can login without supplying the domain.

I was thinking over using FBA.  Internally we use Windows auth and have no issues.
0
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

 
delmarvamonkeyAuthor Commented:
I should also mention they use IE.
0
 
Walter CurtisSharePoint AEDCommented:
Your external users have an Active Directory account?
0
 
delmarvamonkeyAuthor Commented:
No, we have external customers that login to our environment.  They have their own "unknown" domains.
0
 
Walter CurtisSharePoint AEDCommented:
What are they authenticating against. They enter a user name and password. What mechanism says "yes, that is correct let them in" or  "no, incorrect information, access denied". What is the authentication provider?
0
 
delmarvamonkeyAuthor Commented:
Active directory.  IIS auth is basic over SSL.
0
 
Walter CurtisSharePoint AEDCommented:
Sorry, we have a disconnect in terminology I think. I asked if your external users have an Active Directory account, and the answer is no. I then ask how do they authenticate, and you answer Active Directory.

Has nothing to do with Basic Auth over SSL, has to do with what is the Authentication Provider. The authenticating method, protocol, is something different. Not sure what a solution could be because not sure yet what the problem is.

Good luck...
0
 
delmarvamonkeyAuthor Commented:
Sorry, let me clarify.  They have internal AD accounts, but they are on external environments / domains.
0
 
Walter CurtisSharePoint AEDCommented:
Okay, now I see.

I agree somewhat with your original post about the behavior being per design. I have used basic auth over the internet very seldom, probably never in production just for testing because of the security risks. I know there is the SSL layer there, but still something to consider. If you were to switch to AD (Windows Integrated) authentication in IIS the external users would have to enter in the domain name, but your internal users would not need to enter the domain name provided that they are logged in to the same domain that SharePoint is located in. You could even set the browser settings for your internal users so that pass through auth is used. That would be a kind of a trade off.

There is also the possibility to use a web application extension and have two different auth providers, one for internal and a different method for external that you may want to consider, but that is a different topic.

Hope that helps...
0
 
delmarvamonkeyAuthor Commented:
Actually that's how I have it set up.

The web application is extended:

1.  Internal users use windows auth
2. External users use basic auth over SSL.

Everything is fine for internal users.

External users have to enter domain name.  But not if they use chrome.

When I say external users, I mean, they are using an internal AD account, but are connecting from an external domain over the internet.
0
 
Walter CurtisSharePoint AEDCommented:
External users have to enter domain name.  But not if they use chrome.

Makes it sound like your set up is fine. Their IE browsers must be set up for pass through auth, therefore when they connect to any site, be it external or internal for them, their browsers are using their domain name, which is not yours. So they have to enter in your domain name.

As you mention, you can't control their browser, so you might not be able to do anything on this but to recommend to them to not use pass through auth in IE, which they probably won't want to do.
0
 
delmarvamonkeyAuthor Commented:
The reason I asked was because I wanted to make sure I wasn't missing something.  That's what I thought.

So I will go toward FBA.
0
 
delmarvamonkeyAuthor Commented:
Answer accepted.
0
 
Walter CurtisSharePoint AEDCommented:
Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.