IIS 7 and Above
Windows Authentication Port Forwarding Issue
Last post Aug 05, 2018 09:56 PM by LVTS
Aug 04, 2018 07:16 PM|LVTS|LINK
Aug 04, 2018 10:12 PM|lextm|LINK
when I enter my username and password on the WWW version,
What do you mean by WWW version? Don't ever intend to run Windows authentication outside of an internal network, as that's insane.
Aug 04, 2018 10:15 PM|LVTS|LINK
Sorry, I don't think I made my post clear!
When I say 'WWW Version' I mean the actual version that other people can view outside of my local network. I would like Windows Authentication so that my staff can access their utilities on a website I have put together. There's nothing too sensitive apart
from download links to staff programs ect. When you go to the page you enter your domain username and password that you would use to log onto a computer connected to my domain.
Aug 05, 2018 11:29 AM|lextm|LINK
There's nothing too sensitive apart from download links to staff programs ect.
Like I said, you cannot use built-in Windows authentication that way, as you cannot expose your domain controllers outside (that's considered a typical security best practice).
If you do plan to specific version for other people outside of your network, use forms authentication (and HTTPS) and verify user input (user name/password) against AD. Microsoft products, such as Outlook Web App, are designed this way.
Aug 05, 2018 11:35 AM|LVTS|LINK
This is confusing. I know other businesses that use Windows Authentication. I can't use forms authentication because I don't have a webpage with a username and a password box. Please see the attached screenshot of what I am talking about.
Aug 05, 2018 09:51 PM|lextm|LINK
This is confusing. I know other businesses that use Windows Authentication.
Like I said above, even a commercial product like Outlook Web App uses forms authentication. That's how Microsoft can achieve both easy-to-use and security. It is rather simple to create your own login page.
Note that there are third party products for such, like
https://support.kemptechnologies.com/hc/en-us/articles/203125029-Edge-Security-Pack-ESP- (I didn't test it, but its documentation contains that feature).
Exposing domain controllers (I can only guess that the screen shot indicated that), however, is insane, because they can be easily hacked, and then the whole domain can be taken down. Technologies such as Read-Only Domain Controller might help, though, but
still you should avoid that,
Aug 05, 2018 09:56 PM|LVTS|LINK
Thank you for all of your responses. I found a resolution to what I wanted earlier on today. I was getting slightly confused about what Windows Authentication was. I installed the basic authentication role in the server manager and configured my domain to
use it on IIS. Now when I go to the website locally or via the actual domain I can sign in using my AD DC Credentials. I am using HTTPS to do you think everything should be secure?