locked
RSA Auth with Digest Auth RRS feed

  • Question

  •  

    I've using RSA Securid with their web authentication agent for IIS in Server 2003 and IIS 6.  The RSA filters completely separate authentication from any regular user authentication in windows.  As a result, when a valid username and pin:id code are entered, RSA returns the correct cookie and the user is logged in... except they really aren't at all.  IIS processes still spawn as whatever anonymous acount is established to serve pages.

     

    Is there a way to cause the RSA login success force further requests to be served by the actual user as they are in Active Directory.  I've already run the scripts to import AD users into RSA, but that doesn't imply integration... its just a list that matches.  If I were using digest authentication and passing the credentials to AD, the user would gain the rights to NTFS and SQL of the user they were logging in as.

     

    I'd like to do this with a single sign-on.  It would be pretty tacky if I forced users to enter their two factor auth and then popped up ANOTHER dialog and forced them to HTTP auth.

     

    Thank you,

     

    -Ethan Nelson

    Lane Transit District

    Eugene, OR

    Wednesday, January 30, 2008 4:42 PM

Answers

  • Hi Ethan,

       IT Pro guys are better than solution architects to answer this. Take a look at Technet forums, as they are also segmented by product so you may try with IIS guys, AD guys, etc, in order to know if someone else already tried the authentication schema you want to achieve

    Tuesday, April 29, 2008 9:52 PM