Re: authentication - what is being used

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Scott Allen (bitmask_at_[nospam)
Date: 09/29/04 

Date: Wed, 29 Sep 2004 13:42:50 -0400

Hi Stephanie:

In addition to other's comments, there is an ASP.NET Identity Matrix
on MSDN which might help:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetAP05.asp 

--
Scott
http://www.OdeToCode.com/
On Wed, 29 Sep 2004 09:27:58 -0400, "Stephanie Stowe"
<NoSpam@IWishICould.com> wrote:
>I am new to ASP.NET having come from ASP classic background. I need to
>understand authentication. I have a server running IIS which contains an
>ASP.NET app. On IIS the app has both anonymous and Windows Integrated
>Authentication enabled.  In the ASP.NET app, the web.config file contains
>
><authentication mode="Windows" />
>
>The help on this element says of this setting
>
>Specifies Windows authentication as the default authentication mode. Use
>this mode when using any form of Microsoft Internet Information Services
>(IIS) authentication: Basic, Digest, Integrated Windows authentication
>(NTLM/Kerberos), or certificates.
>
>A user running IE6 (which is all of our users) also has User Authentication
>settings in IE from which one might choose Anonymous, Automatic logon only
>in Intranet zone, Automatic logon with current user name and password and
>Prompt for user name and password.
>
>I am trying to determine which set of credentials are being used when a
>customer logs into the site. The only thing I do not know (and cannot know
>until 11:30 or so when west coast shows up) is exactly what the IE
>authentication settings are. The site is in the IntERnet zone. And I *think*
>that they have Automatic logon only in Intranet zone.
>
>My question is, with all these settings in different places, how is the
>actual set of credentials determined?
>
>Thanks!
>

Relevant Pages

  • [NEWS] Multiple Vulnerabilities with Pingtel xpressa SIP Phones
    ... remote administrative configuration of the phone's settings. ... The Pingtel xpressa SIP-based phone ships with no administrator password, ... Requiring Authentication of Incoming Calls ... Altering the Behavior of the Web Server ...
    (Securiteam)
  • Re: Microsoft has not verified that this....
    ... I will double check the settings. ... > authentication and control section of the dialog. ... > want to ensure that IE knows what Internet domains are intranet domains. ... IE should say that you are in the local intranet zone and then ...
    (microsoft.public.sharepoint.portalserver)
  • Re: Windows Integrated Authentiction and IIS 6
    ... Local Intranet Zone and the Automatic logon only in ... Intranet zone is enabled, yet we find that behavior is ... >> Using Basic or Anonymous authentication works properly. ... >> additional prompt. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Alternative Access Mapping User Prompts
    ... you'd better to check the other authentication settings: ... \par - IIS Authentication Settings is Integrated Windows authentication - NTLM ... \par Microsoft Global Technical Support Center ... \par> What every SharePoint administrator needs to know about Alternate Access ...
    (microsoft.public.sharepoint.portalserver)
  • RE: CEICW-OMA errors
    ... Please double confirm the settings of the default Web Site settings as ... Open IIS Manager, navigate Web site -> Default Web Site, right click it ... Authentication Methods: ...
    (microsoft.public.windows.server.sbs)