Geek Answers Handbook

Iis: Integrated Windows authentication still pops up.

I have a website running on a Windows 2003 server on IIS 6 serving pages for a local network where everyone works with a domain account. On other machines, this works fine, no one should go to the site, dynamic scripts take the account name from the HTTP request.

Only when browsing from the server itself (through the remote desktop, for example,) Internet Explorer still opens a dialog box for entering the domain when you go to this site. (both a regular URL and http: // localhost / ). This was not a problem on the Windows 2000 server from which we recently migrated the site.

+7
iis windows-server-2003
source share
3 answers

I had this problem or a similar problem and solved it:

  • add http://localhost to the list of intranet sites through IE> Tools> options> security> Local intranet> Sites> advanced> add http://localhost . (This is necessary if you have Advanced IE Protection installed, which assigns all intranet sites and all UNC paths that are not explicitly specified in the local intranet zone to the Internet zone, even local or other domains that do not contain the character. " "which is usually considered the default intranet.)

  • also in the Security> Local Intranet> section, see what level of security you use to ensure that login data is transmitted. If it is a user, click the "User level ..." button, scroll to the right, under "User Authentication"> "Login"> for me this is an automatic login only in the intranet zone.

+2
source share

Have you configured IE in your Windows 2003 window to "Enable Integrated Windows Authentication"? This must be configured in IE6 to automatically use the login credentials.

+1
source share

You will probably be able to use ServerFault for this problem, possibly before the server configuration. Take a look at this KBAlertz.com article , yes, it is specific to SharePoint, but some bits are more general. I suspect (given that you said that you migrated to the new machine) that the problem is that the new computer is not "reliable for delegation", so look at the part called "Configure delegation trust for web parts"

Configuring Delegation Trust for Web Parts To configure IIS to hope for delegation, follow these steps:

  • Launch Active Directory Users and Computers.
  • In the left pane, click Computers.
  • In the right pane, right-click the IIS server name, and then click Properties.
  • Click the General tab, select the Target Computer to delegate, and then click OK.
  • Exit Active Directory Users and Computers.

If the application pool identifier is configured for the user to use the domain of the account, the user account must be trusted by the delegation before you can use Kerberos authentication. delegations trust the domain account setup, follow these steps:

  • On the domain controller, start Active Directory Users and Computers.
  • In the left pane, click Users.
  • In the right pane, right-click the user account name, and then click Properties.
  • Click the "Account" tab in the "Account Settings" section, select the Trusted account for delegation check box, and then click "OK."
  • Exit Active Directory Users and Computers.

If the application pool identifier is a domain user account, you must configure the SPN for this account. To configure the SPN for the domain user, follow these steps:

0
source share

More articles:


All Articles