I'm setting up a site on our intranet, and we want to control access to it. We're using integrated windows authentication in IIS, and want to limit access to the site to just certain AD groups. By changing the filesystem security on the web folder to just those allowed groups, people who are members of the group can access the site just fine. If they are on a PC that doesn't have access (generic PCs), a windows login prompt comes up, and a valid user can type in their username and password and access the site as they should.
The problem is that when the prompt comes up, the user is required to enter their fully quality domain name, i.e., MYDOMAIN\myusername instead of just being able to type their username and password. Security and management is having a fit about this, and I'm stumped. I can switch to basic authentication and put in a default domain, but that doesn't apparently work that way if integrated auth is there. If I take integrated authentication off, then it prompts for everyone, which they don't want.
The best way to do it probably would have been forms authentication from the beginning, it would have been cleaner, but everyone would have had to log in unless we saved login states or something. But it's too late to go back and redo it.
Is there any way to have it "default" to the domain name I want instead of the server machine name? I'm just not understanding what's all going on. Thanks!
The problem is that when the prompt comes up, the user is required to enter their fully quality domain name, i.e., MYDOMAIN\myusername instead of just being able to type their username and password. Security and management is having a fit about this, and I'm stumped. I can switch to basic authentication and put in a default domain, but that doesn't apparently work that way if integrated auth is there. If I take integrated authentication off, then it prompts for everyone, which they don't want.
The best way to do it probably would have been forms authentication from the beginning, it would have been cleaner, but everyone would have had to log in unless we saved login states or something. But it's too late to go back and redo it.
Is there any way to have it "default" to the domain name I want instead of the server machine name? I'm just not understanding what's all going on. Thanks!
Facebook
Twitter