Re: Authentication

---

• From: "Ming Zhang" <mzhang@xxxxxxxxx>
• Date: Sat, 27 Aug 2005 17:56:03 -0700

---

Thanks for reply.
First, I can't disable "user must change PW". This is the security policy of
our company.
Users are internet users, so they aren't login to the domain. We can't use
the default credential that the user used to login to their PC. We use AD to
manage their Credential simply because we need a central place to store all
credentials so that all apps can be authenticated against the AD.

Thanks
Ming


"WJ" <JohnWebbs@xxxxxxxxxxx> wrote in message
news:%23YnmoX0qFHA.4044@xxxxxxxxxxxxxxxxxxxxxxx
> "Ming Zhang" <mzhang@xxxxxxxxx> wrote in message
> news:%23xb6buyqFHA.3788@xxxxxxxxxxxxxxxxxxxxxxx
>> Hi guys,
>>... When creating a new user, it's required to have "user must change
>>password when first time login". In this case, the user will just get an
>>401.1 access deny error without any other clue.
>>
>
> You may want to disable "User must change PW" policy on your domain/local
> policy assume that you are using Windows 2k or 2k3.
>
>> .... if the user navigate to other apps (which require windows
>> authentication), the authentication dialog will popup again.
>>.... I am stuck here. So my question is if there is a way to let IE knows
>>that the current connection is already authenticated, so IE doesn't need
>>to popup the dialog again.
>>
> Are your users member of your domain ? If so, are they successfully
> authenticated by your domain when they start-up their PC ? As this is the
> only possible way to let local IE browser knows so that it does not ask
> for the same login again. On top of that, you must disable "Anonymous" and
> enable Windows Integrated for your website on the IIS box.
>
> John
>
>
>
>


.

---

• Follow-Ups:
  • Re: Authentication
    • From: WJ

• References:
  • Authentication
    • From: Ming Zhang
  • Re: Authentication
    • From: WJ

• Prev by Date: Re: <sessionState cookieless="true" />
• Next by Date: Re: Custom redirectURL
• Previous by thread: Re: Authentication
• Next by thread: Re: Authentication
• Index(es):
  • Date
  • Thread

---

Relevant Pages RedirectFromLoginPage and loops ... I've got an Intranet site that's been using the usual Forms authentication. ... Windows authentication checked). ... whether the Login Windows is valid, and then I run a RedirectFromLoginPage. ... With such a code portion, the page loops moebiusly and never goes to the ... (microsoft.public.dotnet.framework.aspnet) RedirectFromLoginPage and loop ... I've got an Intranet site that's been using the usual Forms authentication. ... Windows authentication checked). ... whether the Login Windows is valid, and then I run a RedirectFromLoginPage. ... With such a code portion, the page loops moebiusly and never goes to the ... (microsoft.public.dotnet.general) [Full-Disclosure] Advisory: Dark Age of Camelot - Weak encryption of network traffic exposed persona ... Weak encryption in game client exposed customer billing and authentication ... encryption for billing information. ... The login binary has undergone several updates since then. ... (Full-Disclosure) RE: How to get the login from IIS in C# ... you want to use Windows authentication instead ... client need to login to domain to avoid message box from ... | windows under IIS... ... (microsoft.public.dotnet.framework.aspnet.security) Re: Websites require a login ... It's *my* understanding (and I'm not a security expert) that when using ... integrated windows authentication you are using NTLM authentication or ... Windows 2000 and 2003 via Active Directory. ... That's why the server is requiring a login. ... (microsoft.public.dotnet.framework.aspnet)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > DotNet  > microsoft.public.dotnet.framework.aspnet  > 2005-08