IIS 10 authentication with 2 options [Answered]RSS

5 replies

Last post Dec 03, 2019 11:14 AM by pashtetadomanet@mail.ru

  • IIS 10 authentication with 2 options

    Nov 29, 2019 08:37 AM|pashtetadomanet@mail.ru|LINK

    good gay!

    iam  Alexandr. Sorry with my english

    Is it possible to implement: 

    There is a virtual machine, IIS 10, SQL server, Elma Server application is running on it
    Windows authentication works under Kerberos protocol. Accordingly, domain users enter without entering a username / password. There was a need so that non-domain computers could enter.
    For example, a user visits the site, has not passed Windows authentication, after which the login form for the Elma application opens.
    In what situation is this needed?
    If an employee-manager goes to present the product to the customer and he needs to go to our portal (which is published) so that there are no problems with the entrance.
    Have you had any such cases?

  • Re: IIS 10 authentication with 2 options

    Nov 29, 2019 02:20 PM|lextm|LINK

    pashtetadomanet@mail.ru

    There was a need so that non-domain computers could enter.

    What you really need is a gateway solution. Microsoft initially had Forefront Threat Management Gateway, but deprecated it. Now you should look for a third party replacement.

    Lex Li
    https://lextudio.com
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
  • Re: IIS 10 authentication with 2 options

    Dec 02, 2019 02:45 AM|Yuk Ding|LINK

    Hi Alexandr,

    Since Windows authentication works as an independent module in IIS pipeline, you can't inject another kind of authentication because if windows authentication fail, IIS will return 401.2 error without any other authentication logic. 

    There are two way to achieve your requirement.

    1. 1.Use form authentication instead so that you can integrate Kerberos  authentication and non-domain authentication together manually.
    2. 2.Create a front-end authentication gateway to handle this as Lex said.

    Best Regards,

    Jokies Ding

    Yuk Ding

    MSDN Community Support
    Please remember to "Mark as Answer" the responses that resolved your issue.
  • Re: IIS 10 authentication with 2 options

    Dec 03, 2019 03:42 AM|pashtetadomanet@mail.ru|LINK

    Thank you for reply

    I apologize for the late reply, we had a day off and a holiday :)

    You are right, indeed, if Windows authentication did not succeed, then there will be a 401 error
    if you enable Windows and Forms authentication in IIS settings, you get a message that both methods do not work, in particular, forms authentication.

    Of course I heard about TMG, but microsoft is not supported. I think that is not relevant

    In general, there is something to think about. . .
    Would you recommend something?

  • Re: IIS 10 authentication with 2 options

    Dec 03, 2019 09:35 AM|Yuk Ding|LINK

    Hi Alexandr,

    Since windows authentication also could be used for external website as long as you register SPN for external domain name. What about create a specific user account for external client? 

    Best Regards,

    Jokies Ding

    Yuk Ding

    MSDN Community Support
    Please remember to "Mark as Answer" the responses that resolved your issue.
  • Re: IIS 10 authentication with 2 options

    Dec 03, 2019 11:14 AM|pashtetadomanet@mail.ru|LINK

    External Authentication Not Configured

    SPN for the external name in the properties of the user from whom the pool is launched. Do you mean this? if so, then SPN are registered.