Home / server / Questions / 128056
Accepted
Chris W
Asked: 2010-04-01 03:40:28 +0800 CST

Windows authentication through IE - specify the domain

  • 772

This question really relates to allowing to logon to a SharePoint installation from home but I guess it's a general IIS security question.

When the login box pops up to collect the windows credentials the user can just type in their user name on Safari/Chrome/FF and they can login correctly. On IE authentication fails as it seems to pass their local machine name by default and the user needs to replace this with domain\user. Not a big problem in some cases but we'd prefer it if the users didn't have to enter the domain name portion.

Is this simply a feature of IE that we can't control or is their something we can do with IIS/AD etc that will allow us to provide a default domain if one isn't specified?

internet-explorer windows-authentication

4 Answers

  1. Best Answer

    Another option is to install an ISA server in front of SharePoint and let it handle the authentication. You can provide single-sign on through the ISA, and serve up the webmail, sharepoint, and any other web applications you have running on the backend.

    ISA can be configured to accept forms based login, that it will translate to NTLM for the end user, giving you the flexibility to add the domain in for them.

    • 1

  2. Another option is to train users a little differently. For some reason users typically see domain\username as some egregious miscarriage of justice, but if they can use their email address that is fine.

    In AD, users have what is called a UPN (user principal name) - which is typically @domain.com - which typically matches their email address. Luckily enough, you can use the UPN to login to an NTLM authenticated website.

    So - assuming the default UPN for your users is the same as your email domain, you can tell users to login with [email protected] and it will work, and possibly be less of a headache for you.

    • 1

  3. I ran into this a while back. I don't remember which one you need but if you open up IE and go to "tools", "internet options", "security tab", "custom level". Go all the way to the bottom of the list and there are four options for user authentication. Try changing those and see what happens.

    • 0

  4. Considering you have MOSS default installation, the default authentication is NTLM. If a Web site is configured to authenticate a User i.e. using "Authentication and Access Control" in IIS or Authentication configured in an application like MOSS. Internet Explorer by default will pass the login user's credentials. Now, since you said these are home users they must be login on their machines using "MACHINE_NAME\User_NAME" hence the credentials passed by IE is MACHINE_NAME\USER_NAME. You will have to manually add the DOMAIN\USER_NAME if you want to authenticate yourself using your domain credentials.

    Alternately, if you are using Forms/Basic Authentication, you can write a code which would authenticate a user with the default domain as what ever you want to.

    • 0