Solved

SharePoint 2010 external users required to enter domain name

Posted on 2016-11-04
Last Modified: 2016-11-12
I've seen this question asked many places, but no definitive answers.

I have a SharePoint web application that is configured for external users to connect to.  It is using basic authentication with SSL.  The default domain is set.

If I use Chrome or Firefox I can use only my username and password to authenticate.  However, IE requires the domain name to authenticate.

I've seen many answers that say this is by design; however, is there any way around this?  Is custom forms-based auth my only option?
Question by:delmarvamonkey
16 Comments
 
LVL 19

Expert Comment

by:Walter Curtis
ID: 41875393
This is difficult to troubleshoot because although the information is good, it does not fit together. Here are a few questions to help me understand:

How is the web application configured for external users? How is that different from the internal users?

Is pass through authentication enabled in the browsers? Is it possible that IE has a GPO applied so that it does not allow pass through?

You mention you are thinking about FBA, what are you using now? Windows Authentication?

Thanks
0
 

Author Comment

by:delmarvamonkey
ID: 41877457
Hello,

The web application authentication is Basic authentication over ssl.

The browsers that are being used are being used by external customers, so we can't control how they are configured.  However, default Chrome/Firefox can log in without supplying the domain.

I was thinking over using FBA.  Internally we use Windows auth and have no issues.
0
 

Author Comment

by:delmarvamonkey
ID: 41877459
I should also mention they use IE.
0
 
LVL 19

Expert Comment

by:Walter Curtis
ID: 41877668
Your external users have an Active Directory account?
0
 

Author Comment

by:delmarvamonkey
ID: 41877720
No, we have external customers that log in to our environment.  They have their own "unknown" domains.
0
 
LVL 19

Expert Comment

by:Walter Curtis
ID: 41877730
What are they authenticating against? They enter a user name and password. What mechanism says "yes, that is correct, let them in" or "no, incorrect information, access denied"? What is the authentication provider?
0
 

Author Comment

by:delmarvamonkey
ID: 41877733
Active Directory.  IIS auth is basic over SSL.
0
 
LVL 19

Expert Comment

by:Walter Curtis
ID: 41877746
Sorry, we have a disconnect in terminology I think. I asked if your external users have an Active Directory account, and the answer is no. I then ask how do they authenticate, and you answer Active Directory.

Has nothing to do with Basic Auth over SSL, has to do with what is the Authentication Provider. The authenticating method, protocol, is something different. Not sure what a solution could be because not sure yet what the problem is.

Good luck...
0
 

Author Comment

by:delmarvamonkey
ID: 41877771
Sorry, let me clarify.  They have internal AD accounts, but they are on external environments / domains.
0
 
LVL 19

Expert Comment

by:Walter Curtis
ID: 41877783
Okay, now I see.

I agree somewhat with your original post about the behavior being per design. I have used basic auth over the internet very seldom, probably never in production, just for testing, because of the security risks. I know there is the SSL layer there, but still something to consider. If you were to switch to AD (Windows Integrated) authentication in IIS the external users would have to enter in the domain name, but your internal users would not need to enter the domain name provided that they are logged in to the same domain that SharePoint is located in. You could even set the browser settings for your internal users so that pass through auth is used. That would be a kind of a trade-off.

There is also the possibility to use a web application extension and have two different auth providers, one for internal and a different method for external that you may want to consider, but that is a different topic.

Hope that helps...
0
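
Added example (not part of the thread): a small decoder for the Basic credential as it reaches the server, for checking from a captured header whether a browser sent a bare username, `DOMAIN\user` or `user@domain`; it also shows that the password is only base64-encoded underneath the SSL layer. The default domain `CORP` and the sample logins are constructed, and applying the default domain to bare usernames is an assumption that models the "default domain is set" configuration from the question.

```python
import base64
import binascii
from typing import NamedTuple

DEFAULT_DOMAIN = "CORP"  # hypothetical default logon domain configured on the server


class BasicLogon(NamedTuple):
    form: str        # "bare", "down-level" (DOMAIN\user) or "upn" (user@domain)
    domain: str      # domain the logon would be attempted against
    user: str
    password: str    # recoverable by anyone who sees the header in clear text


def parse_basic_header(value: str, default_domain: str = DEFAULT_DOMAIN) -> BasicLogon:
    """Decode an 'Authorization: Basic ...' value and classify the username form."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic credential")
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError("malformed base64 in Basic credential") from exc
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")  # older clients send ISO-8859-1
    # Only the first colon separates user from password; passwords may contain ':'.
    login, sep, password = text.partition(":")
    if not sep or not login:
        raise ValueError("credential is not in user:password form")
    if "\\" in login:
        domain, _, user = login.partition("\\")
        return BasicLogon("down-level", domain, user, password)
    if "@" in login:
        user, _, domain = login.rpartition("@")
        return BasicLogon("upn", domain, user, password)
    # Assumption: the server qualifies a bare username with its default domain.
    return BasicLogon("bare", default_domain, login, password)


def make_header(login: str, password: str) -> str:
    """Build the header value a browser would send (constructed sample input)."""
    return "Basic " + base64.b64encode(f"{login}:{password}".encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    for login in ("jsmith", "CORP\\jsmith", "PARTNER\\jsmith", "jsmith@corp.example"):
        print(login, "->", parse_basic_header(make_header(login, "p:ss")))
```
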
 

Author Comment

by:delmarvamonkey
ID: 41877806
Actually that's how I have it set up.

The web application is extended:

1. Internal users use Windows auth
2. External users use basic auth over SSL.

Everything is fine for internal users.

External users have to enter domain name.  But not if they use Chrome.

When I say external users, I mean, they are using an internal AD account, but are connecting from an external domain over the internet.
0
 
LVL 19

Expert Comment

by:Walter Curtis
ID: 41877816
"External users have to enter domain name.  But not if they use chrome."

Makes it sound like your setup is fine. Their IE browsers must be set up for pass through auth, therefore when they connect to any site, be it external or internal for them, their browsers are using their domain name, which is not yours. So they have to enter in your domain name.

As you mention, you can't control their browser, so you might not be able to do anything on this but to recommend to them to not use pass through auth in IE, which they probably won't want to do.
0
 

Author Comment

by:delmarvamonkey
ID: 41877820
The reason I asked was because I wanted to make sure I wasn't missing something.  That's what I thought.

So I will go toward FBA.
0
 
LVL 19

Accepted Solution

by:
Walter Curtis earned 2000 total points
ID: 41877825
Maybe review this as part of your considerations for going FBA.

https://www.experts-exchange.com/questions/28261580/Sharepoint-2013-FBA.html

Hope that helps...
0
 

Author Closing Comment

by:delmarvamonkey
ID: 41877840
Answer accepted.
0
 
LVL 19

Expert Comment

by:Walter Curtis
ID: 41877844
Thanks
0

Question has a verified solution.