tags:

views:

14943

answers:

4
+3  Q: 

IIS7: Setup Integrated Windows Authentication like in IIS6

This is for IIS 7 on a Windows Server 2008 that is not part of an AD domain. I would like to password protect a website, where people have to enter a username/password (a windows account for example) to view the website. The website would then use its own authentication method (forms) to handle user accounts and decide whether or not to show member specific pages, etc.

With IIS6, we just disabled anonymous access and enabled integrated windows authentication. IIS7 behaves differently and when I enter the windows username/password to view the site, the site comes up fine but redirects to the login page. Once I log in, the site behaves naturally. I need to be able to navigate the site without logging in with the website credentials.

I don't think enabling anonymous access would make sense here since I want access to the website to be password protected (popup username/password dialog when you first navigate to the url).

Any help is appreciated!

A: 

So do you want them to get the IE password-challenge box, or should they be directed to your login page and enter their information there? If it's the second option, then you should at least enable Anonymous access to your login page, since the site won't know who they are yet.

If you want the first option, then the login page they're getting forwarded to will need to read the currently logged-in user and act based on that, since they would have had to correctly authenticate to get this far.

rwmnau  2009-01-12 19:29:52
I want them to get the popup dialog to be forced to access the site. But they will not be logged into the site at that point. They should then be able to navigate the pages on the site and optionally login using the webpage login.
Jim Geurts  2009-01-12 19:55:21
+3  A: 

Two-stage authentication is not supported with IIS7 Integrated mode. Authentication is now modularized, so rather than IIS performing authentication followed by asp.net performing authentication, it all happens at the same time.

You can either:

  1. Change the app domain to be in IIS6 classic mode...
  2. Follow this example of how to fake two-stage authentication with IIS7 integrated mode.
Jim Geurts  2009-01-13 02:13:30
btw, I couldn't get classic mode to operate as intended either...
Jim Geurts  2009-01-13 14:29:59
+2  A: 

To enable the Windows Authentication on IIS7 on Windows 7 machine:

Go TO Control Panel.

Click Programs and Features, select Turn Windows Features on or off from left side.

Expand Internet Information Services >> World Wide Web Services >> Security

Select Windows Authentication and click OK.

Reset the IIS and Check in IIS now for windows authentication.

Enjoy

Prashant S  2010-06-07 06:39:21
A: 

Configure IIS7 for windows authentication in Windows Server 2008

See this link:

http://www.iis.net/ConfigReference/system.webServer/security/authentication/windowsAuthentication

Enjoy this post :-)

Amir Abolfazli  2010-07-15 06:26:18

related questions

How do I write Firefox add-on that automatically enters proxy passwords?
Login Integration in PHP
Strange Rails Authentication Issue
Concurrent logins in a web farm
Is there a browser equivalent to IE's ClearAuthenticationCache?
How can I authenticate using client credentials in WCF just once?
Why can't I connect to my CAS server with Perl's AuthCAS?
Best Solution For Authentication in Ruby on Rails
Authenticate on an ASP.Net Forms Authorization website from a console app
How do I use NTLM authentication with Active Directory
What have you used Windows CardSpace for, if anything
Forms Authentication across Applications
Retreiving the PC Name of a Client? (Windows Auth)
How would you implement FORM based authentication without a backing database?
What's the best way to authenticate over WCF?
Only accepting certain ajax requests from authenticated users
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
What to use for login ID?
ASP.NET authentication: user name Vs User ID
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Checklist for IIS 6/ASP.NET Windows Authentication?
The Definitive Guide To Website Authentication