IIS 7 and Above
Change what to authenticate in Windows Authentication of IIS 8.5
Last post Jul 24, 2018 01:39 AM by xiaoyangr_shi
Jul 03, 2018 09:00 AM|xiaoyangr_shi|LINK
I have an IIS site implemented in one of my Windows Server 2012 R2 with IIS 8.5. It's joined into my AD. I've enabled Windows Authentication in IIS and it works well for all AD users.
But now I come into an issue that all AD users can only log on to the IIS site on the computers for which they have "log on to" permission in AD. For example, user A wants to access the IIS site with his own AD username/password on computer B and user A
doesn't have the "log on to" permission to computer B. Then IIS keeps prompting "Unauthorized: access is denied due to invalid credentials". It works well after I add the "log on to" permission to computer B for user A. It seems that IIS authentication works
the same way when an AD user logs into an AD computer locally.
What can I do to fix this issue without granting user A with logging on to permission to computer B? Is it possible to change IIS Authentication to authenticate just username/password, not the "log on to" permission?
Jul 04, 2018 02:00 AM|xiaoyangr_shi|LINK
Can anyone give me any clue?
Jul 04, 2018 05:39 AM|deepakpanchal10|LINK
You can try to use Mixed authentication setup.
It supports both forms of active directory authentication in a single instance. You can accomplish this by creating an additional website that enforces windows AD authentication. External users are authenticated via Relativity username and
password over SSL while internal users, those already authenticated into the domain, do not need to supply Relativity login credentials.
For detailed steps you can refer link below.
Mixed authentication setup
You can also try to check integrated windows authentication. It may also help you to solve the issue.
Enabling integrated Windows authentication
Jul 13, 2018 08:59 AM|xiaoyangr_shi|LINK
Thanks for your reply. I will dig into your suggested solutions. Thanks.
Jul 18, 2018 09:46 AM|deepakpanchal10|LINK
Hi xiaoyangr_sh..,Is your issue is solved now?
If yes, Then try to post a solution and mark it as an answer.
It can help us to close this thread and in future, It can help to other community members who have same kind of issue.
If your issue is still persist and If you have any further question regarding this thread then let us know about that.
we will try to provide further suggestions to solve the issue.
Thanks for your understanding.
Jul 24, 2018 01:39 AM|xiaoyangr_shi|LINK
No, we didn't think it as an issue. So we didn't try to solve it. We just take it as an security protection on our website and leave it as it was. Thanks for your help, anyway.