General discussion


IIS, Integrated Windows Authentication

By rdnoble ·
Using IIS Integrated Windows Authentication on a WIN/2000 Server.

Our Intranet site has pages that are both public and some that are
restricted by user group. When a user attempts to access a restricted
page for which they don't have access (via ACL) we want to just deny
access to that page, not prompt the user for a user-id. They were
correctly logged onto the session, they just don't have permission to
this page and we don't want to bother prompting them for a user-id.
We just want the same 401-3 message screen to come up as if the user
had clicked "cancel" for the logon prompt.

Jerry Bryant of Microsoft sent the following information in response
to a previously posted question. I understand it but am hopeful someone will know how to turn off the logon
prompt (item #3 below) received when a valid intranet user attempts to
access a page for which they have not been given access.

Thank You,


Integrated Windows authentication is best suited for an intranet
environment, where both user and Web server computers are in the same
domain, and where administrators can ensure that every user has
Microsoft Internet Explorer, version 2.0 or later.

Integrated Windows authentication proceeds as follows:

1. Unlike Basic authentication, it does not initially prompt users
for a user name and password. The current Windows user information on
the client computer is used for the integrated Windows authentication.

2. However, if the authentication exchange initially fails to
identify the user, the browser will prompt the user for a Windows user
account user name and password, which it will process by using
integrated Windows authentication.

3. Internet Explorer will continue to prompt the user until the
user enters a valid user name and password, or closes the prompt
dialog box.

Jerry Bryant

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Related Discussions

Related Forums