We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

authentication to internal IIS siteRSS

3 replies

Last post Jan 28, 2021 02:58 AM by Brucz

  • authentication to internal IIS site

    Jan 27, 2021 04:28 AM|aholt.hyde|LINK

    hi, a bit random but at a complete loss. We've had microsoft identity manager installed and that has a web front end that users can administer their user account. However, when the user navigates to the internal servers url, they are prompted for a username and password, which is fine, but the only way they can log on is if they enter \username and password. Normally, i'd expect either domain\username or simply username, but for the life of me, i can't work out why it needs the \ to authenticate. 

    In chrome it just works with the username and password, but in Edge and IE, its the whole \ thing. any pointers would be appreciated. 

  • Re: authentication to internal IIS site

    Jan 27, 2021 06:40 AM|lextm|LINK

    aholt.hyde

    We've had microsoft identity manager installed and that has a web front end that users can administer their user account.

    That requires you to post the specific question with identity manager tag on Microsoft Q&A, https://docs.microsoft.com/en-us/answers/topics/microsoft-identity-manager.html not here.

    Lex Li
    Want to have a chat on the issues you meet? Book an appointment at https://buy.stripe.com/cN24ia0yi7sAdIA7sv
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
  • Re: authentication to internal IIS site

    Jan 27, 2021 07:39 AM|aholt.hyde|LINK

    ok, but slightly confused as to why that would be the case. IIS is he delivery tool of MIM and the challenge/response is surely carried out by IIS ? 

  • Re: authentication to internal IIS site

    Jan 28, 2021 02:58 AM|Brucz|LINK

    Hi aholt.hyde,

    When a Web browser such as Microsoft Internet Explorer attempts to connect to an IIS server configured for Windows NT Challenge/Response Authentication, the IIS server challenges the browser to perform a complex mathematical calculation on the password of the logged-on user who is using the browser and to return the result of this calculation to the server.

    The server also performs the calculation on the user’s password obtained from a domain controller’s Security Account Manager (SAM) database. If the two calculations agree, the client is considered authenticated. If they differ, the user is prompted for a valid Windows NT username and password.

    If the user provides invalid credentials, the server sends a Hypertext Transfer Protocol (HTTP) status code to the client browser indicating that access is denied unless some other authentication scheme is enabled.

    So after enabling windows authentication in IIS, it is very important for non-domain account users to provide account passwords.

    Best regards,

    Brucz

    .NET forums are moving to a new home on Microsoft Q&A, we encourage you to go to Microsoft Q&A for .NET for posting new questions and get involved today.