My web server is Windows 2008 R2 and has IIS7.5 installed on it. The user logged on the webserver is User1@Domain1.com.
I have a classic asp page on a website where I have enabled the following:
1. Windows Authentication is enabled and everything else is disabled.
2. On windows Authentication advanced settings, I have "Accept" on the extended protection drop down and kernel mode authentication enabled.
3. Application Pool refers to a pool with .NetFramework version v.2.xx and Classic Managed pipeline mode and set to an identity of a domain user from the same domain as the web server, say User2@Domain1.com.
4. The asp page just lists down the AUTH_USER and LOGON_USER.
CASE 1 : On the client machine, when I am logged on as User3@Domain1.com, the AUTH_USER = Domain1\User3 and LOGON_USER = Domain1\User3.
CASE 2: On the client machine, when I am logged on as User4@Domain2.com (trusted domain) and access the website with the url such as http://webservername/websitename/testpage.asp, the AUTH_USER = Domain1\User1 and LOGON_USER = Domain1\User1.
CASE 3: On the client machine, when I am logged on as User4@Domain2.com (trusted domain) and access the website with the url such as http://webservername.Domain1.com/websitename/testpage.asp, I get a windows logon dialog box. Whatever user credentials I login
using that dialog, I get corresponding correct results in the Testpage.asp. So in this case, if I enter the credentials for User4@Domain2.com into the windows login dialog box, I get AUTH_USER = Domain2\User4 and LOGON_USER = Domain2\User4.
Q1: If IIS does not get my credentials, why does it take the current server user (User1@Domain1.com) , instead of throwing me the windows logon dialog?
Q2: In Case 3, why does it ask me for credentials, if it is able to accept the same credentials when I enter them into the dialog box?
Q3: How can I resolve this issue and let the Domain1 and Domain2 users log in seamlessly into the website without any dialogs and as correct users?
P.s: I did try adding the urls http://webservername/ and http://webservername.domain1.com into the Intranet websites list, but did not get the desired effect.
1) You're not using the domain name, only the system name when calling the web server
2) Your web client isn't set to pass credentials to untrusted sites. Add the domain to the intranet zone in IE so it will trust the doamin and pass credentials.
3) Always use the full host/domain and you'll gte the proper domain security, make sure the domains are in the intranet zone so credentials will pass.
lpatnaik90
1 Post
Cannot get logged in user (trusted domain) on website supporting Windows Authentication and hoste...
May 15, 2012 03:46 PM|LINK
I have a classic asp page on a website where I have enabled the following:
1. Windows Authentication is enabled and everything else is disabled.
2. On windows Authentication advanced settings, I have "Accept" on the extended protection drop down and kernel mode authentication enabled.
3. Application Pool refers to a pool with .NetFramework version v.2.xx and Classic Managed pipeline mode and set to an identity of a domain user from the same domain as the web server, say User2@Domain1.com.
4. The asp page just lists down the AUTH_USER and LOGON_USER.
CASE 1 : On the client machine, when I am logged on as User3@Domain1.com, the AUTH_USER = Domain1\User3 and LOGON_USER = Domain1\User3.
CASE 2: On the client machine, when I am logged on as User4@Domain2.com (trusted domain) and access the website with the url such as http://webservername/websitename/testpage.asp, the AUTH_USER = Domain1\User1 and LOGON_USER = Domain1\User1.
CASE 3: On the client machine, when I am logged on as User4@Domain2.com (trusted domain) and access the website with the url such as http://webservername.Domain1.com/websitename/testpage.asp, I get a windows logon dialog box. Whatever user credentials I login using that dialog, I get corresponding correct results in the Testpage.asp. So in this case, if I enter the credentials for User4@Domain2.com into the windows login dialog box, I get AUTH_USER = Domain2\User4 and LOGON_USER = Domain2\User4.
Q1: If IIS does not get my credentials, why does it take the current server user (User1@Domain1.com) , instead of throwing me the windows logon dialog?
Q2: In Case 3, why does it ask me for credentials, if it is able to accept the same credentials when I enter them into the dialog box?
Q3: How can I resolve this issue and let the Domain1 and Domain2 users log in seamlessly into the website without any dialogs and as correct users?
P.s: I did try adding the urls http://webservername/ and http://webservername.domain1.com into the Intranet websites list, but did not get the desired effect.
jeff@zina.co...
3379 Posts
MVP
Moderator
Re: Cannot get logged in user (trusted domain) on website supporting Windows Authentication and h...
May 15, 2012 07:49 PM|LINK
1) You're not using the domain name, only the system name when calling the web server
2) Your web client isn't set to pass credentials to untrusted sites. Add the domain to the intranet zone in IE so it will trust the doamin and pass credentials.
3) Always use the full host/domain and you'll gte the proper domain security, make sure the domains are in the intranet zone so credentials will pass.
Jeff