« Previous Next »

• 08-28-2008, 9:38 AM

  ScottMacMaster Joined on 08-28-2008, 1:33 PM Posts 3

  Default Domain On Login Reply Contact My company's intranet has various web apps on it.  Most require a logon using integrated windows authentication.  The logon window, of course, asks for your username and password.  The username has to be username@ourdomain.com.  My bosses would like the username to be just username.  Is there some way to configure something to use ourdomain.com as a default domain so our users don't have to type it? Thanks,

• 08-29-2008, 10:07 AM

  In reply to

  tomkmvp Joined on 03-20-2003, 10:27 AM Central NJ Posts 6,185	Re: Default Domain On Login Reply Contact If Internet Explorer is configured correctly, then no one would have to manually supply their credentials ... http://support.microsoft.com/kb/258063 Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/

• 08-29-2008, 11:28 AM

  In reply to

  ScottMacMaster Joined on 08-28-2008, 1:33 PM Posts 3

  Re: Default Domain On Login Reply Contact I'm not looking to eliminate the login.  I just want to make typing the domain part optional.  Most people use our intranet for web mail (through exchange).  They'd usually be accessing that from outside our network.  Although, there are apps that people use from in our network. I do have a couple questions based on what's in the article you referenced about automatic authentication. 1. client and web server must be in the same 2000-based domain. Our client and web server are in the same domain (except when we access our intranet from outside our network). However, we upgraded to a fully qualified domain earlier this year.  Does our domain still quality as a 2000-based domain? 2. The url most be local. The certificate we have is for appserver.ourcompany.com.  So when I access https://appserver I get a certificate warning.  That url won't work outside our network.  Our users get confused easily so instead of giving two url's we passed out one url https://appserver.ourcompany.com.  Is there a way to tell IE that https://appserver.ourcompany.com is a local url so that this condition can be met?   Thanks

• 08-29-2008, 1:12 PM

  In reply to

  tomkmvp Joined on 03-20-2003, 10:27 AM Central NJ Posts 6,185	Re: Default Domain On Login Reply Contact 1. I have no idea. 2. I think there's a way to tell IE what FQDN's are part of your intranet (I'm on my iMac right now so I can't check this ...) Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/

• 09-03-2008, 7:08 AM

  In reply to

  WenJun Zhang - MSFT Joined on 08-26-2008, 10:53 PM Posts 138

  Re: Default Domain On Login Reply Contact Hi, There is no way to use *default logon domain* with integrated auth. This is a by design issue due to the basic mechanism of NTLM and Kerberos authentication.  Basic auth supports default logon domain because the username and password is sent to IIS after Base64 encode and the actual logon action occurs on IIS server. There is no logon session established on the client side.  However integrated auth is totally different, there is no user account's password sent to the server-side. IE client needs to communicate with DC first to retrieve its Kerberos token or NTLM hash string and then send them to IIS to perform the authentication. In other word, the logon action does happen between the client and DC. And as you know, domain\username and username are totally different credentials to NTLM or Kerberos logon...Therefore, to support default logon domain for integrated authentication, it needs to be an IE feature instead of IIS.  Thanks.   WenJun Zhang - MSFT Sincerely Microsoft Online Community Support “Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

• 09-03-2008, 9:44 AM

  In reply to

  ScottMacMaster Joined on 08-28-2008, 1:33 PM Posts 3

  Re: Default Domain On Login Reply Contact Well, that makes sense.  However, what do you mean be basic authentication?  Do you mean forms authentication or something else.  Probably doesn't matter since webmail through exchange uses integrated authentication so we still wouldn't be able to make the login name consistant for everything.  What's really annoying is the help desk software we use uses domain/username.  So we have three different logins.

• 09-03-2008, 10:30 AM

  In reply to

  tomkmvp Joined on 03-20-2003, 10:27 AM Central NJ Posts 6,185	Re: Default Domain On Login Reply Contact Basic authentication is one of the authentication options for IIS. http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/9b619620-4f88-488b-8243-e6bc7caf61ad.mspx Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/