Web Development Thread, Authenticate IIS against AD transparently in Coding and Web Development; HI
I have an internal intranet site and I would like to restrict to who can view it. I have ...
11th August 2008, 10:27 AM #1
Authenticate IIS against AD transparently
I have an internal intranet site and I would like to restrict to who can view it. I have setup IIS and the site is up and running. I would like to setup security so when a user access the site it authenticates them transparently if they are logged onto the domain.
What security settings do i need to set in IIS to achieve this please?
11th August 2008, 10:48 AM #2
Have you thought about using ASP.NET? Within the web.config put in <authentication mode="Windows"/>
Then as venkatzeus (asp.net web application authentication - ASP.NET Forums) said
Please try this:
1. In the Browser (IE), go to "Tools->Options...-> security tab", add the
website address to "Trusted Sites",
2. Select "Local Intranet" and click "Custom Level...", scroll down to "User
Authentication->User Logon", select "Automatically logon with current user
name and password".
Also please try enabling the Anonymous access.
Click Start->Run->inetmgr->check Properties of "Web Sites"->switch to Directory Security->edit Authentication and Access control->Check "Enable Anonymous Access"
Hope this helps!
11th August 2008, 10:49 AM #3
In the properties for the site, under 'Directory Security' then 'Authentication and Access Control' switch off anonymous mode and ensure that Integrated Windows Authentication is on.
IIRC you can leave anonymous on, and IWA will take precedence, but don't quote me on it.
11th August 2008, 10:50 AM #4
Oh one caveat I have found: if the address you are using has a dot in it (like intranet.mydomain.local) IE will not transmit authentication data, and the user will be prompted to log in in the normal way.
11th August 2008, 11:00 AM #5
if i add it to the list of intranet site it does just what i want it to. Is there a way to add it in group policy please?
11th August 2008, 11:01 AM #6
Thanks to powdarrmonkey from:
11th August 2008, 11:21 AM #7
20th January 2009, 10:17 AM #8
- Rep Power
I'm having a similar issue. We have 1 network and 2 Intranet sites (staff and student).
My predecessor set them both up with the IIS default anonymous user authentication, which has worked great till now.
The students have found the ip of the staff Intranet and can now browse it.
I need to set the staff Intranet so only staff accounts can access it.
How on earth do I do it?
Both sites are home made and not a cms or vle package.
20th January 2009, 10:43 AM #9
Setup IIS to use Ad authetntication, then on the website itself set the permissions so only staff can read. Then add the address to the local intranet. Can be dome ,works a treat.
If your stuck give us a shout.
20th January 2009, 10:56 AM #10
- Rep Power
I tried that first, I gave the staff group read rights to c:\inetpub\intranet
then unticked the anonymous user in authentication methods and selected Integrated Windows Authentication.
but now when you browse to the site as a staff member it brings up a login box to connect to the site.
20th January 2009, 11:03 AM #11
at right, well have you added the site to the local intranet in IE settings?
Also when you set the permissions wipe all existing ones then add the groups you want to view and change. There is a group (cant remember the name) that when it is added it lets people in it shouldn't
Thanks to FN-GM from:
rasssp (20th January 2009)
20th January 2009, 11:29 AM #12
- Rep Power
Thats it!, I didn't add it to the policy, done that and it works a treat.
20th January 2009, 11:31 AM #13
Easy mistake to make, i take it you did it in group policy?
Originally Posted by rasssp
can i have a thanks please
20th January 2009, 11:49 AM #14
- Rep Power
yea, its set in the group policy for staff and admin staff.
all the students get now is the login box
20th January 2009, 11:57 AM #15
Yep thats how it should go.
By FN-GM in forum How do you do....it?
Last Post: 2nd July 2008, 01:18 PM
By Edu-IT in forum Windows
Last Post: 5th May 2008, 09:15 PM
By kerlj001 in forum Coding
Last Post: 26th February 2008, 08:20 PM
By sidewinder in forum Windows
Last Post: 21st February 2007, 04:40 PM
By ryan_powell in forum How do you do....it?
Last Post: 18th October 2006, 10:38 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)