tremorrs
Tue Oct 18 16:56:38 CDT 2005
Well that makes sense except that I was never logged into windows as the
administrator, I was logged in as a member of the domain administrators
group, but not THE administrator which is what the login to iis was
defaulting to.
"David Wang [Msft]" wrote:
> It sounds like you have the browser configured to not auto-login (that's why
> you get prompted for authentication even though using Integrated
> authentication). You need to make sure that the website is located in the
> right IE "Zone" and that the "Zone" is configured to auto-login.
>
> If you hit cancel, IE will automatically try to auto-login using the
> interactive login user. This is probably why it kept doing it as domain
> administrator earlier because you logged in as it.
>
> As for ASP.NET application behavior -- that completely depends on the
> authentication scheme that you are using with it, and that can be custom
> code inside the application (if you are not using the bulit in methods).
>
> --
> //David
> IIS
>
http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no rights.
> //
> "tremorrs" <tremorrs@discussions.microsoft.com> wrote in message
> news:AFB32AB9-51A4-4E72-862C-2B4716569F47@microsoft.com...
> Well I tried as you suggested and it behaves a little better when I log on
> as
> a non-administrator. It still does prompt for authentication, then if I log
> in it works properly, if I hit cancel on the login prompt it logs in the
> windows logged in user. However on an ASP.NET application such as business
> portal it gives me an 'invalid user' error no matter who I log in as. That
> is
> probably a seperate issue.
>
> "David Wang [Msft]" wrote:
>
> > Let's try to remove some of the variables. Can you try just running IE
> from
> > a real interactive user login (instead of running as domain administrator
> > and then typing in specific username/password). I'm want to distinguish
> > between something going awry vs IE eventually auto-authenticating using
> the
> > interactive user (which in your test cases have been domain
> administrator).
> >
> > --
> > //David
> > IIS
> >
http://blogs.msdn.com/David.Wang
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > //
> > "tremorrs" <tremorrs@discussions.microsoft.com> wrote in message
> > news:689BEB19-4FC1-46BD-B159-A8E70A889198@microsoft.com...
> > Well there may be a domain issue since the server is on a seperate domain
> > from the client I am logging on with. Integrated Authentication will ask
> you
> > to log in if you specifically tell Internet explorer to always ask for a
> > password, I have done that for trouble shooting purposes. If I don't it
> will
> > automatically log me in as the Administrator. Any Ideas as to what the
> > domain
> > issue could be? I am suspicious that it may be set up wrong since it is
> > fairly new to our environment to have more than one domain. Plus the guy
> > that
> > set it up, it was his first time.
> > Also interesting note, if I use a mozilla browser such as fire fox, it
> will
> > prompt me for log in and it logs me in correctly. I assume it is because
> the
> > browser does not support integrated authentication. Unfortunatley those
> > browsers will not work with our intranet programming.
> >
> > "David Wang [Msft]" wrote:
> >
> > > With Integrated Authentication you should not see a login prompt, so I
> am
> > > not certain how you are choosing the user to login as and how your
> domain
> > > membership and trust relation is actually established. What you are
> > > describing sounds like you do not have domain membership setup correctly
> > and
> > > you have the domain admin as the anonymous user (or added the anonymous
> > user
> > > into the domain admin group) and have anonymous enabled somewhere -- so
> > when
> > > authentication fails and fell back to anonymous it auto-login domain
> admin
> > > that you configured.
> > >
> > > Now, since IIS only requires authentication and does not
> auto-authenticate
> > > (that is a client-side optimization), I can only presume that you are
> > either
> > > describing some client-side behavior unrelated to IIS or some
> > > domain-specific behavior unrelated to IIS.
> > >
> > > --
> > > //David
> > > IIS
> > >
http://blogs.msdn.com/David.Wang
> > > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> > > //
> > > "tremorrs" <tremorrs@discussions.microsoft.com> wrote in message
> > > news:73DECEE8-FC67-408B-8B1E-E3E5F46C347F@microsoft.com...
> > > Here is my problem, On a windows 2003 server, I am running IIS 6, Share
> > > Point
> > > services and Business Portal. I created a seperate website for our
> > Intranet
> > > and it is not configured for share point services. I disabled anonymous
> > > access to this intranet and enabled integrated authentication. Now
> here's
> > > the kicker, no matter who you logon as it will log you in as the domain
> > > administrator! Even if you press cancel at the logon prompt it will
> still
> > > let
> > > you in as the administrator. This server is a domain controller in a
> > > seperate
> > > domain from the user I am trying to logon, and I have tried with local
> > > domain
> > > users as well. The only way I can stop this behavior is to deny the
> > > administrator access to the intranet folder of the website. That is not
> > the
> > > best solution, as then the administrator can't edit anything within the
> > > website folders. Also if I use basic authentication it will log in the
> > > correct user, but that is not secure enough for us. Any Ideas?
> > >
> > >
> > >
> >
> >
> >
>
>
>