+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 20
Web Development Thread, Authenticate IIS against AD transparently in Coding and Web Development; HI I have an internal intranet site and I would like to restrict to who can view it. I have ...
  1. #1

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,773
    Thank Post
    865
    Thanked 1,663 Times in 1,448 Posts
    Blog Entries
    11
    Rep Power
    442

    Authenticate IIS against AD transparently

    HI

    I have an internal intranet site and I would like to restrict to who can view it. I have setup IIS and the site is up and running. I would like to setup security so when a user access the site it authenticates them transparently if they are logged onto the domain.

    What security settings do i need to set in IIS to achieve this please?

    Thanks

    z

  2. #2

    Join Date
    May 2008
    Location
    Cheshire
    Posts
    288
    Thank Post
    48
    Thanked 27 Times in 24 Posts
    Rep Power
    18
    Hi FN-Greatermanchester,

    Have you thought about using ASP.NET? Within the web.config put in <authentication mode="Windows"/>
    <identity impersonate="true"/>

    Then as venkatzeus (asp.net web application authentication - ASP.NET Forums) said
    Please try this:

    1. In the Browser (IE), go to "Tools->Options...-> security tab", add the
    website address to "Trusted Sites",

    or


    2. Select "Local Intranet" and click "Custom Level...", scroll down to "User
    Authentication->User Logon", select "Automatically logon with current user
    name and password".

    Also please try enabling the Anonymous access.

    Click Start->Run->inetmgr->check Properties of "Web Sites"->switch to Directory Security->edit Authentication and Access control->Check "Enable Anonymous Access"

    Hope this helps!

  3. Thanks to Pashers from:

    FN-GM (11th August 2008)

  4. #3

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    In the properties for the site, under 'Directory Security' then 'Authentication and Access Control' switch off anonymous mode and ensure that Integrated Windows Authentication is on.

    IIRC you can leave anonymous on, and IWA will take precedence, but don't quote me on it.

  5. #4

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    Oh one caveat I have found: if the address you are using has a dot in it (like intranet.mydomain.local) IE will not transmit authentication data, and the user will be prompted to log in in the normal way.

  6. #5

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,773
    Thank Post
    865
    Thanked 1,663 Times in 1,448 Posts
    Blog Entries
    11
    Rep Power
    442
    Hi guys

    if i add it to the list of intranet site it does just what i want it to. Is there a way to add it in group policy please?

    Thanks

  7. #6

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182

  8. Thanks to powdarrmonkey from:

    FN-GM (11th August 2008)

  9. #7

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,773
    Thank Post
    865
    Thanked 1,663 Times in 1,448 Posts
    Blog Entries
    11
    Rep Power
    442
    Just the job

    thanks

  10. #8

    Join Date
    May 2007
    Location
    Bradford
    Posts
    71
    Thank Post
    1
    Thanked 3 Times in 3 Posts
    Rep Power
    16
    I'm having a similar issue. We have 1 network and 2 Intranet sites (staff and student).

    My predecessor set them both up with the IIS default anonymous user authentication, which has worked great till now.

    The students have found the ip of the staff Intranet and can now browse it.

    I need to set the staff Intranet so only staff accounts can access it.

    How on earth do I do it?

    Both sites are home made and not a cms or vle package.

  11. #9

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,773
    Thank Post
    865
    Thanked 1,663 Times in 1,448 Posts
    Blog Entries
    11
    Rep Power
    442
    Setup IIS to use Ad authetntication, then on the website itself set the permissions so only staff can read. Then add the address to the local intranet. Can be dome ,works a treat.

    If your stuck give us a shout.

    Z

  12. #10

    Join Date
    May 2007
    Location
    Bradford
    Posts
    71
    Thank Post
    1
    Thanked 3 Times in 3 Posts
    Rep Power
    16
    I tried that first, I gave the staff group read rights to c:\inetpub\intranet

    then unticked the anonymous user in authentication methods and selected Integrated Windows Authentication.

    but now when you browse to the site as a staff member it brings up a login box to connect to the site.

    Any ideas?

  13. #11

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,773
    Thank Post
    865
    Thanked 1,663 Times in 1,448 Posts
    Blog Entries
    11
    Rep Power
    442
    at right, well have you added the site to the local intranet in IE settings?

    Also when you set the permissions wipe all existing ones then add the groups you want to view and change. There is a group (cant remember the name) that when it is added it lets people in it shouldn't

  14. Thanks to FN-GM from:

    rasssp (20th January 2009)

  15. #12

    Join Date
    May 2007
    Location
    Bradford
    Posts
    71
    Thank Post
    1
    Thanked 3 Times in 3 Posts
    Rep Power
    16
    Thats it!, I didn't add it to the policy, done that and it works a treat.

    Cheers

  16. #13

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,773
    Thank Post
    865
    Thanked 1,663 Times in 1,448 Posts
    Blog Entries
    11
    Rep Power
    442
    Quote Originally Posted by rasssp View Post
    Thats it!, I didn't add it to the policy, done that and it works a treat.

    Cheers
    Easy mistake to make, i take it you did it in group policy?

    can i have a thanks please

    Z

  17. #14

    Join Date
    May 2007
    Location
    Bradford
    Posts
    71
    Thank Post
    1
    Thanked 3 Times in 3 Posts
    Rep Power
    16
    yea, its set in the group policy for staff and admin staff.

    all the students get now is the login box

  18. #15

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,773
    Thank Post
    865
    Thanked 1,663 Times in 1,448 Posts
    Blog Entries
    11
    Rep Power
    442
    Yep thats how it should go.

    Z

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Transparently Authenticate Outlook Web Access
    By FN-GM in forum How do you do....it?
    Replies: 2
    Last Post: 2nd July 2008, 01:18 PM
  2. IIS
    By Edu-IT in forum Windows
    Replies: 2
    Last Post: 5th May 2008, 09:15 PM
  3. Replies: 2
    Last Post: 26th February 2008, 08:20 PM
  4. Replies: 5
    Last Post: 21st February 2007, 04:40 PM
  5. Front-end IIS server, forward requests to Back-end IIS
    By ryan_powell in forum How do you do....it?
    Replies: 5
    Last Post: 18th October 2006, 10:38 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •