locked
authentication to internal IIS site RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User1685832807 posted

    hi, a bit random but at a complete loss. We've had microsoft identity manager installed and that has a web front end that users can administer their user account. However, when the user navigates to the internal servers url, they are prompted for a username and password, which is fine, but the only way they can log on is if they enter \username and password. Normally, i'd expect either domain\username or simply username, but for the life of me, i can't work out why it needs the \ to authenticate. 

    In chrome it just works with the username and password, but in Edge and IE, its the whole \ thing. any pointers would be appreciated. 

    Wednesday, January 27, 2021 4:28 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User690216013 posted

    We've had microsoft identity manager installed and that has a web front end that users can administer their user account.

    That requires you to post the specific question with identity manager tag on Microsoft Q&A, https://docs.microsoft.com/en-us/answers/topics/microsoft-identity-manager.html not here.

    Wednesday, January 27, 2021 6:40 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User1685832807 posted

    ok, but slightly confused as to why that would be the case. IIS is he delivery tool of MIM and the challenge/response is surely carried out by IIS ? 

    Wednesday, January 27, 2021 7:39 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User1771714573 posted

    Hi aholt.hyde,

    When a Web browser such as Microsoft Internet Explorer attempts to connect to an IIS server configured for Windows NT Challenge/Response Authentication, the IIS server challenges the browser to perform a complex mathematical calculation on the password of the logged-on user who is using the browser and to return the result of this calculation to the server.

    The server also performs the calculation on the user’s password obtained from a domain controller’s Security Account Manager (SAM) database. If the two calculations agree, the client is considered authenticated. If they differ, the user is prompted for a valid Windows NT username and password.

    If the user provides invalid credentials, the server sends a Hypertext Transfer Protocol (HTTP) status code to the client browser indicating that access is denied unless some other authentication scheme is enabled.

    So after enabling windows authentication in IIS, it is very important for non-domain account users to provide account passwords.

    Best regards,

    Brucz

    Thursday, January 28, 2021 2:58 AM