Re: Auto log in with basic authentication
"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
news:%23WDrHI00HHA.4824@TK2MSFTNGP02.phx.gbl...
> Then I am totally in the dark as to what is happening for this poster.
>
> Roger
What I did was enable both integrated and basic authentication, but this
did not work, as it seems that the laptops were trying to use integrated and
failing. I assumed that they would fail and then try basic, but this did not
seem to happen. So I disabled integrated authentication from the IE advanced
options and it all seems to work. I did a bit of reading into the mobile PC
cards we are using on the laptops and they have some sort of compression
software to save on downloads; I assume that this is making integrated
authentication fail. I am trying to get them to disable it (as I read you can
have done) but they haven't called me back yet.

So the scenario I have now is both Integrated Authentication and Basic
authentication. The clients on the network log in automatically with
integrated and the mobile PC card laptops have integrated disabled and use
basic over SSL. Seems to be working well.
>
> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> news:e2yQ92x0HHA.5644@TK2MSFTNGP05.phx.gbl...
>> IE does not "fall back" to some other type of authentication.
>>
>> It tries a single type, and if it doesn't work, then authentication
>> fails.
>>
>> NTLM auth from browser to IIS does not rely on NetBT ports - it all works
>> over port 80 (or 443)
>>
>> Cheers
>> Ken
>>
>>
>> "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
>> news:OcdPi3q0HHA.5380@TK2MSFTNGP04.phx.gbl...
>>> Yes, some unknowns here. I was thinking OS would not try to
>>> use Kerberos due to external name not matching DNS domain
>>> of AD, so trying NTLM; and also assuming a public provider of
>>> this air-link filtering out NetBt based ports - resulting in authN
>>> falling back to basic.
>>>
>>> Roger
>>>
>>> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
>>> news:%23k88fgk0HHA.3400@TK2MSFTNGP03.phx.gbl...
>>>> Well, it may be that the server is being accessed as http://servername
>>>> internally, and http://servername.domain.com externally (or something
>>>> like that), or perhaps it is a matter of how OP has configured ISA Server.
>>>>
>>>> I don't really know about the port issue - unless we're using Kerberos
>>>> authentication (and ISA Server would have to be explicitly configured
>>>> for Kerberos IIRC) then the only port used is 80 (or 443 as OP has SSL
>>>> enabled).
>>>>
>>>> Cheers
>>>> Ken
>>>>
>>>>
>>>> "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
>>>> news:O%23Cz%23Wh0HHA.484@TK2MSFTNGP06.phx.gbl...
>>>>> Nice KB Ken, which I had overlooked previously. Thanks.
>>>>>
>>>>> Given poster can access as expected with direct wire, and
>>>>> that issue is when using public provider, it sounds to me that
>>>>> it is not a configuration issue on poster's part, client or server,
>>>>> but with port protocols supported over that air-linked network.
>>>>>
>>>>> Roger
>>>>>
>>>>> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
>>>>> news:eNodDnY0HHA.1100@TK2MSFTNGP06.phx.gbl...
>>>>>> In order for transparent auto-login to work with IE, all the following
>>>>>> conditions must be satisfied. It's not just a matter of configuring
>>>>>> something on the server:
>>>>>> http://support.microsoft.com/?id=258063
>>>>>>
>>>>>> Cheers
>>>>>> Ken
>>>>>>
>>>>>> "ThatsIT.net.au" <me@thatsit> wrote in message
>>>>>> news:OZ0DRdU0HHA.1164@TK2MSFTNGP02.phx.gbl...
>>>>>>>
>>>>>>> "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
>>>>>>> news:eAdB9DU0HHA.6072@TK2MSFTNGP03.phx.gbl...
>>>>>>>>
>>>>>>>> "ThatsIT.net.au" <me@thatsit> wrote in message
>>>>>>>> news:uPeUx1O0HHA.600@TK2MSFTNGP05.phx.gbl...
>>>>>>>>>I will check this out on Monday.
>>>>>>>>>
>>>>>>>>> But I can authenticate using LAN cable, but not through card.
>>>>>>>>>
>>>>>>>>
>>>>>>>> I missed that piece of info.
>>>>>>>> So much for client settings.
>>>>>>>> You are likely dealing with ports disallowed via
>>>>>>>> the wireless access points' routing then.
>>>>>>>
>>>>>>> It's not your normal wireless, it's a mobile phone card for a laptop.
>>>>>>> You connect through a mobile phone tower
>>>>>>> http://www.cnet.com.au/wireless/accessories/0,239028911,339272208,00.htm?feed=rss
>>>>>>>
>>>>>>> but your point probably still applies.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>>> I'll get back to you on Monday if you are still around
>>>>>>>>>
>>>>>>>>> "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
>>>>>>>>> news:ecbQq5N0HHA.4652@TK2MSFTNGP05.phx.gbl...
>>>>>>>>>> Remember that use of integrated authentication behind the scenes
>>>>>>>>>> is
>>>>>>>>>> not just a matter of whether the website is configured to
>>>>>>>>>> negotiate
>>>>>>>>>> its use. The browsing client (i.e. IE) must also be configured
>>>>>>>>>> to
>>>>>>>>>> allow its use (in the Internet Options on the Advanced tab) and
>>>>>>>>>> the
>>>>>>>>>> site must be recognized as one with which it will attempt its use
>>>>>>>>>> (usually that means recognizing the site as being in the intranet
>>>>>>>>>> zone).
>>>>>>>>>>
>>>>>>>>>> Roger
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> "ThatsIT.net.au" <me@thatsit> wrote in message
>>>>>>>>>> news:ehQotZN0HHA.1188@TK2MSFTNGP04.phx.gbl...
>>>>>>>>>>> Actually I think I spoke too soon.
>>>>>>>>>>>
>>>>>>>>>>> We have some laptops that need to connect through PC mobile phone
>>>>>>>>>>> cards. For some reason, I'm not sure why, they do not seem to want to
>>>>>>>>>>> connect to the web site with integrated security. I think this
>>>>>>>>>>> is what happened last time I chose this configuration. I don't
>>>>>>>>>>> have one with me at the moment; I would have to wait till Monday
>>>>>>>>>>> to find out for sure.
>>>>>>>>>>>
>>>>>>>>>>> This brings up another question. Why won't the laptops
>>>>>>>>>>> authenticate with Windows authentication when connecting with PC
>>>>>>>>>>> mobile phone cards?
>>>>>>>>>>>
>>>>>>>>>>> "ThatsIT.net.au" <me@thatsit> wrote in message
>>>>>>>>>>> news:OCj%23v$M0HHA.4184@TK2MSFTNGP06.phx.gbl...
>>>>>>>>>>>>
>>>>>>>>>>>> <jwgoerlich@gmail.com> wrote in message
>>>>>>>>>>>> news:1185550174.050237.219340@d30g2000prg.googlegroups.com...
>>>>>>>>>>>>> There is no workaround. The automatic login option in IE works
>>>>>>>>>>>>> with
>>>>>>>>>>>>> integrated authentication only. This is because basic
>>>>>>>>>>>>> authentication
>>>>>>>>>>>>> exposes the password (at both the network and application
>>>>>>>>>>>>> layers).
>>>>>>>>>>>>> Prompting the user is meant as an additional security
>>>>>>>>>>>>> precaution to
>>>>>>>>>>>>> address this exposure.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Can you enable both integrated and basic authentication on
>>>>>>>>>>>>> this
>>>>>>>>>>>>> intranet site?
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> I think I did try that combination before, I will try again.
>>>>>>>>>>>>
>>>>>>>>>>>> Sorry, just tried it, seems to be working.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>>
>>>>>>>>>>>>> J Wolfgang Goerlich
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Jul 27, 11:07 am, "ThatsIT.net.au" <me@thatsit> wrote:
>>>>>>>>>>>>>> I am currently setting up an intranet that will not be
>>>>>>>>>>>>>> available from outside
>>>>>>>>>>>>>> the network, also an extranet that will be available from
>>>>>>>>>>>>>> outside the
>>>>>>>>>>>>>> network.
>>>>>>>>>>>>>> The extranet has basic authentication and SSL. It passes
>>>>>>>>>>>>>> through an ISA 2000
>>>>>>>>>>>>>> firewall and for various reasons we need to use basic
>>>>>>>>>>>>>> authentication, but as
>>>>>>>>>>>>>> it is over SSL it is encrypted so it does not matter that
>>>>>>>>>>>>>> basic uses clear
>>>>>>>>>>>>>> text.
>>>>>>>>>>>>>> Certain pages that need to be accessed from outside I will
>>>>>>>>>>>>>> put on the
>>>>>>>>>>>>>> extranet but I don't want to have to recreate these pages on
>>>>>>>>>>>>>> the intranet
>>>>>>>>>>>>>> also so internal users will access these pages from the
>>>>>>>>>>>>>> extranet.
>>>>>>>>>>>>>> All seems fine but one point. When internal users access the
>>>>>>>>>>>>>> extranet they
>>>>>>>>>>>>>> are prompted to log in, even though their browsers are set to
>>>>>>>>>>>>>> log in
>>>>>>>>>>>>>> automatically with current username and password. This is
>>>>>>>>>>>>>> annoying to say
>>>>>>>>>>>>>> the least.
>>>>>>>>>>>>>> Is there any solution?
>>>>>>>>>>>>>> Is this normal for basic over SSL to prompt even when set to
>>>>>>>>>>>>>> auto login in
>>>>>>>>>>>>>> IE?
>>>>>>>>>>>>>> Any suggestions?
>
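
Added example, not part of the thread: a small Python check that models the behaviour the posters describe (the client commits to one offered scheme and does not retry with another, integrated authentication can be switched off on the client, automatic logon only happens with integrated authentication to an intranet-zone site) and flags basic authentication that is not protected by SSL. The preference order, the function names and the sample 401 response are assumptions constructed for illustration.

```python
# Assumed client preference for this example: strongest offered scheme first.
PREFERENCE = ["negotiate", "ntlm", "digest", "basic"]
INTEGRATED = {"negotiate", "ntlm"}

# Constructed sample: a 401 from a site with integrated and basic both enabled.
SAMPLE_401 = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: NTLM\r\n"
    'WWW-Authenticate: Basic realm="extranet.example.com"\r\n'
    "Content-Length: 0\r\n\r\n"
)

def offered_schemes(raw_response):
    """List the scheme of each WWW-Authenticate header (one challenge per header)."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    schemes = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate" and value.strip():
            schemes.append(value.split()[0].lower())
    return schemes

def client_choice(schemes, integrated_enabled):
    """Pick the single scheme the modelled client will use; there is no second try."""
    for scheme in PREFERENCE:
        if scheme in schemes and (integrated_enabled or scheme not in INTEGRATED):
            return scheme
    return None

def assess(raw_response, url, integrated_enabled, intranet_zone):
    """Report the chosen scheme, whether logon is silent, and any findings."""
    schemes = offered_schemes(raw_response)
    chosen = client_choice(schemes, integrated_enabled)
    findings = []
    if chosen == "basic" and not url.lower().startswith("https://"):
        findings.append("basic credentials would cross the network without SSL")
    if chosen in INTEGRATED and "basic" in schemes:
        findings.append("if %s fails, basic is not tried; the user sees a failure" % chosen)
    return {
        "offered": schemes,
        "chosen": chosen,
        # Automatic logon needs integrated authentication and an intranet-zone site.
        "silent_logon": chosen in INTEGRATED and intranet_zone,
        "findings": findings,
    }

if __name__ == "__main__":
    print(assess(SAMPLE_401, "https://extranet.example.com/", True, True))    # LAN client
    print(assess(SAMPLE_401, "https://extranet.example.com/", False, False))  # mobile card laptop
```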