Re: difference between localhost and `computename`

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 07/29/04 

Date: Thu, 29 Jul 2004 23:23:49 +0200

Hi,

localhost is (should be) resolved to 127.0.0.1. It is resolved using host
file (usually %systemroot%\system32\drivers\etc).

If you in your browser enter http://10.10.10.10/default.asp and you have
e.g. Integrated authentication checked on your IIS your computer (browser)
will send your username and password to the server to identity you. It does
this because 10.10.10.10 by default falls into Local Intranet zone
(10.10.10.10 is a private IP defined in RFC 1918 along with other IPs in
10.0.0.0 range, 172.168.16.0 - 172.31.255.255 and 192.168.0.0).
This will also happen if you enter http://mike/default.asp since again
"mike" is part of local intranet site. If I enter http://mike.krneki.net
then my browser by default won't send my username and password to the site,
since this site by default falls under Internet zone (why would by browser
send my username and password to the internet -- right) :-). Again this can
be solved manually by e.g. adding http://mike.krneki.net under Local
Intranet zone in my IE and again my browser will know that it has to send my
credentials to the site if it requests...

I hope this helps,

Mike

"yufufi" <yufufi@ttnet.net.tr> wrote in message
news:uize1kadEHA.3560@TK2MSFTNGP10.phx.gbl...
>
> what is the difference between (what is going on at the background ?)
> http://localhost/
>
> http://computer_name/
>
> http://ip/ (like http://195.174.86.185)
>
> one thing I found out is , in a local network environment. If I point my
> links to http://computer_name/index.aspx people trying to access the page
> have to log on but when I go with http://ip/index.aspx their windows logon
> is automatically recognized ???
>
> thanx in advance,
>
> yufufi
>
>
>
>

Relevant Pages

  • Re: Kerberos
    ... IE thinks that the site is in the Local Intranet zone. ... the browser window is closed ... credentials to a server without prompting the user. ...
    (microsoft.public.inetserver.iis.security)
  • RE: username and Password sent as clear text strings
    ... I used the proxy software, to simulate a Man in the Middle attack. ... username and Password sent as clear text strings ... I don't believe a certificate was every presented to the browser, ... I completed a security review of a web server, ...
    (Pen-Test)
  • Re: Provide a link to a secure website from a WinForms application
    ... This opens the default browser but it doesn't logon the user automatically. ... I have to insert links to a third party website which has detailed information of that company. ... this website requires a username and password to logon. ... This website redirects to the third party website but I can't add the necessary stuff to the headers. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Integrated Windows Authentication
    ... > Yes the IIS is part of a domain... ... > The error is just access denied in the browser after 3 attempts at putting ... > in the username and password. ... >> Rgds. ...
    (microsoft.public.inetserver.iis.security)
  • Re: User identity
    ... you can config the browser to ask before sending id, or use a runas to have the browser default to the desired account. ... Windows username to a session variable. ... pulls that username. ...
    (microsoft.public.dotnet.framework.aspnet)
Loading