I have two small questions and I am working with PHP on IIS 10 running on Windows Server 2012 R2. Normally I work with Apache/Linux so this is a bit new to me.
On my local I cannot get the Windows Authentication against AD to work even if I am connected via VPN to work. I dont know if I need to have my local IIS join the domain or set something up in the VPN connection to forward the request. What I get is an endless refresh of the Windows Authentication window until I cancel and then I get the HTTP Error 401.1 - Unauthorized.
I have a 2nd question which is something I think I know the answer too but since IIS/Windows Authentication is something new I thought I would ask. So they want to essentially have a SSO for all their intranet apps. They run under the same IIS server but they are different sub-domains -- ie apps1.domain.com, apps2.domain.com, etc. The behavior that they want is if you need to login they want Windows Authentication to pop up and authenticate you and then you can use all the domains and not have to be authenticated again unless you logout. My assumption is that since they are separate sub-domains that if its your first time for each of them you need to authenticate. Is that correct? Or is there a configuration setting on IIS that will allow that behavior?
If I need to split up the questions please let me know I will come back and make a 2nd question.