IIS Authentication

rajthampi · 11-14-2005, 10:29 PM

Hi Guys

I have deployed one Microsoft Windows 2003 Standard edition server for hosting our CRM Application. Right now we are progressing through deploying this application in the internet for our sales executives who travel loads.
Since this application is not for public, but only for our employees, We want to have "Integrated Windows Authentication" enabled for our remote users. Problem by enabling this authentication method is, users from LAN are also asked for a username and password, which is not warmly welcomed by our local area network users.

So I want to know whether we can set up IIS in a way that, it differs the LAN users from remote principals and triggers or suppresses the authentication.

Thanks in advance and regards

**Squashman** · 11-15-2005, 12:36 PM

Which Authentication method did you chose. Basic Authentication wont work. You need to use NTLM Challenge and response.

How to configure in IIS:

Open the MMC and select the site or directory you wish to protect
Right click and select properties on that site / directory
Select the directory security tab
Click the "edit" button on authentication control
Disable basic authentication and enable NTLM / Integrated Windows Authentication
Now your site is setup to support NTLM authentication you need to change the NTFS permissions for the directory you want to protect and add any users or groups you wish to have access.

With NTLM challenge and respose, it will first try and authenicate with the username and password that the user used to logon to their local computer or domain. If the IIS server is not part of the domain or the user doesn't have a local username and password on the IIS server it will prompt them for a username and password. Plus you need to set the Proper NTFS permissions as well.

rajthampi · 11-16-2005, 03:16 AM

Thanks for your reply Squashman. I'll try the solution you suggested.

11-14-2005, 10:29 PM	#1 (permalink)
rajthampi Registered User Join Date: Oct 2004 Location: Kuwait Posts: 123 OS: Windows 2003, Windows XP SP3...	IIS Authentication Hi Guys I have deployed one Microsoft Windows 2003 Standard edition server for hosting our CRM Application. Right now we are progressing through deploying this application in the internet for our sales executives who travel loads. Since this application is not for public, but only for our employees, We want to have "Integrated Windows Authentication" enabled for our remote users. Problem by enabling this authentication method is, users from LAN are also asked for a username and password, which is not warmly welcomed by our local area network users. So I want to know whether we can set up IIS in a way that, it differs the LAN users from remote principals and triggers or suppresses the authentication. Thanks in advance and regards __________________ If it is a door, It will open.

11-15-2005, 12:36 PM	#2 (permalink)
Squashman Tech, Networking Forums Join Date: Apr 2005 Location: 1265 Lombardi Ave. Posts: 1,142 OS: All of the above	Which Authentication method did you chose. Basic Authentication wont work. You need to use NTLM Challenge and response. How to configure in IIS: Open the MMC and select the site or directory you wish to protect Right click and select properties on that site / directory Select the directory security tab Click the "edit" button on authentication control Disable basic authentication and enable NTLM / Integrated Windows Authentication Now your site is setup to support NTLM authentication you need to change the NTFS permissions for the directory you want to protect and add any users or groups you wish to have access. With NTLM challenge and respose, it will first try and authenicate with the username and password that the user used to logon to their local computer or domain. If the IIS server is not part of the domain or the user doesn't have a local username and password on the IIS server it will prompt them for a username and password. Plus you need to set the Proper NTFS permissions as well. Last edited by Squashman; 11-15-2005 at 12:40 PM.

11-16-2005, 03:16 AM	#3 (permalink)
rajthampi Registered User Join Date: Oct 2004 Location: Kuwait Posts: 123 OS: Windows 2003, Windows XP SP3...	Thanks Squashman Thanks for your reply Squashman. I'll try the solution you suggested. __________________ If it is a door, It will open.