Can I set a default domain for a Windows Authenticated website in IIS7?
Solution 1
"Windows Authentication" means the browser send the credentials of the currently logged on user to the web server; then, if this authentication fails because the user doesn't have enough rights to access the site, he gets prompted for a logon.
The credentials sent automatically by Windows Authentication are always those of the currently logged on user, including the domain he belongs to; so you can't specify anything here, as it just wouldn't make any sense to do so.
Solution 2
You cannot, there is no way for IIS to set the default domain when using integrated authentication. A popular trick to appease users is to have them login with [email protected]
(their UPN in Active Directory terms) instead - this typically matches their e-mail address, and is much more palatable to end users.
Related videos on Youtube
Michael Haren
These days I'm a .net/sql software guy I have plenty of experience on the LAMP stack, too Currently toying with RoR, ObjC. and stumbling my way through LINQ to Entities Currently loving ASP.NET MVC and jQuery More about be on my CV or personal blog [email protected] Random silliness on Twitter This is a personal account and not affiliated with my employer. #SOreadytohelp
Updated on September 17, 2022Comments
-
Michael Haren over 1 year
I have an intranet site using Windows Authentication. When users are prompted for credentials, they enter:
User: domain\username Pass: SomePassword
It'd be nice if they could leave off the
domain\
part which would be filled in with a default domain. I'm willing to give up the ability to login with a server/machine account (non-domain) because we don't use that anyway.This seems to be possible with BasicAuth but I can't seem to find a reference for how to do it with WindowsAuth.
-
Michael Haren over 14 yearsSo if the user is being prompted for credentials this suggests the site is falling back to Forms Auth?
-
Michael Haren over 14 yearsWhen I open up IIS Manager and bring up
Authentication
for my site, it showsWindows Authentication (HTTP 401 Challenge)
as the only enabled option. When I hit the site in Chrome I get a login box--that's what I want to set this for -
Michael Haren over 14 years@MattB: that doesn't work for me--I always must use the domain
-
MattB over 14 years@Michael Haren: Weird - is the user you are trying to login as in the same domain as the server?
-
Massimo over 14 yearsMatt, is by chance the server you tested this against a domain controller? When logging on to a DC, the domain is always implicitly assumed, as it doesn't have any local user database.
-
MattB over 14 yearsNope, definitely not a domain controller. Forgot to mention though, I think this is new behavior in IIS7/Windows 2008 - I can duplicate across numerous IIS7 servers, but none of my IIS6 ones.
-
Michael Haren over 14 yearsAt the moment, this is all on one Windows 7 machine. The machine is part of the domain as is my login. Perhaps I will get the behavior you describe once I publish to another server... I apologize if this info changes things--I didn't intentionally withhold it!
-
MattB over 14 years@Michael Haren: lets not discount the possibility that it could be a fluke in my environment - I haven't been able to find documentation on the internet about this new behavior. :)
-
paradroid almost 14 yearsI thought it was a bad idea to use the same domain as used out on the WAN?