Cross-Domain Integrated Windows Authentication in IIS for ASP.NET

Question

Cross-Domain Integrated Windows Authentication in IIS for ASP.NET

I built the INTRANET ASP.NET website for which authentication is “Integrated Windows Authentication”, and in the authorization section of web.config I specified AD groups (domain \ groupname) to restrict access only to members of these AD groups. several AD groups are specified in web.config (domain1 \ group1, domain2 \ group2, etc.). Now this is great for users of one domain1 (where it is located), but for users of another domain (domain2) they get a request to enter their Windows credentials, and if they enter it, then it works, and they can access the site without any problems. but I would like to avoid this login prompt because I granted access to the groups of both domains. why do they get this hint and is it possible to suppress it? Do I need to configure something in IIS or web.config? Thanks in advance.

+8

security authentication asp.net web-config iis

RKP Dec 6 '10 at 17:43

source share

2 answers

Kelly sandwiches · Answer 1 · 2011-04-30T18:30:14+0000

I believe that Domain2 users can add your site hosted on Domain1 to their list of intranet sites in Internet Explorer-> Internet Options-> Security-> Local Intranet. This zone should automatically log in with the current username and password. You can make this an AD policy.

RogerG · Answer 2 · 2010-12-07T13:30:23+0000

I'm not sure you can do this. I believe that users from outside the hosted domain will always be asked to enter credentials with "integrated" security.

You can probably use authentication for multiple domains. I am heading down the path of the Windows Indentity Foundation (which I have no desire to learn), so I would like someone to tell me that I'm wrong!

Cross-Domain Integrated Windows Authentication in IIS for ASP.NET

More articles: