IIS 7 and Above
authentication to internal IIS site
Last post Jan 28, 2021 02:58 AM by Brucz
Jan 27, 2021 04:28 AM|aholt.hyde|LINK
hi, a bit random but at a complete loss. We've had microsoft identity manager installed and that has a web front end that users can administer their user account. However, when the user navigates to the internal servers url, they are prompted for a username
and password, which is fine, but the only way they can log on is if they enter \username and password. Normally, i'd expect either domain\username or simply username, but for the life of me, i can't work out why it needs the \ to authenticate.
In chrome it just works with the username and password, but in Edge and IE, its the whole \ thing. any pointers would be appreciated.
Jan 27, 2021 06:40 AM|lextm|LINK
We've had microsoft identity manager installed and that has a web front end that users can administer their user account.
That requires you to post the specific question with identity manager tag on Microsoft Q&A,
https://docs.microsoft.com/en-us/answers/topics/microsoft-identity-manager.html not here.
Jan 27, 2021 07:39 AM|aholt.hyde|LINK
ok, but slightly confused as to why that would be the case. IIS is he delivery tool of MIM and the challenge/response is
surely carried out by IIS ?
Jan 28, 2021 02:58 AM|Brucz|LINK
When a Web browser such as Microsoft Internet Explorer attempts to connect to an IIS server configured for Windows NT Challenge/Response Authentication, the IIS server challenges the browser to perform a complex mathematical calculation on the password
of the logged-on user who is using the browser and to return the result of this calculation to the server.
The server also performs the calculation on the user’s password obtained from a domain controller’s Security Account Manager (SAM) database. If the two calculations agree, the client is considered authenticated. If they differ, the user is prompted
for a valid Windows NT username and password.
If the user provides invalid credentials, the server sends a Hypertext Transfer Protocol (HTTP) status code to the client browser indicating that access is denied unless some other authentication scheme is enabled.
So after enabling windows authentication in IIS, it is very important for non-domain account users to provide account passwords.