I doubt this is an IIS issue because IIS does not even know about FQDN vs
http://name -- that name gets resolved to an IP by the client to make direct
TCP IP/Port connection, and IIS only uses the Host headers to route
requests. Authentication decision is made independently, and you said that
it works for http://website
I think this is client-side auto-login misconfiguration:
http://blogs.msdn.com/david.wang/archive/2005/07/04/Why_you_get_login_prompt_on_VS2005_with_Integrated_Auth.aspx
--
//David
IIS
http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights.
//
[quoted text, click to view] "Mike S" <Mike S@discussions.microsoft.com> wrote in message
news:2BD8D016-92DE-4FFA-9746-474FE87F79A3@microsoft.com...
iis 6 authentication ISSUE-------------
Issue- we have a virutal webiste (named WEBSITE) that we only want users of
a certain group to be able to access. The AD domain name is ABC.com. The
dns name for the website is WEBSITE.XYZ.COM. The host headers are setup as
follows- WEBSITE and WEBSITE.XYZ.COM. DNS entries are setup as follows-
under the ABC.COM zone- WEBSITE and under the XYZ.COM - WEBSITE. All name
resolution has been tested and works. IIS security settings for the virutal
webiste- WEBSITE are enable anonymous access UNCHECKED, Integrated Windows
Authentication IS CHECKED. NTFS permissions are set on the IIS home folder
for the group that we want to have access.
Wnen accessing site via http://WEBSITE we gain access to site with no logon
(if we are part of group- if not part of group we get a logon- which is what
we are looking for)
When trying to access
http://WEBSITE.XYZ.COM we get a logon even if we are
part of the group that has ntfs rights to home folder.
Goal is for users in our domain to access site and not have a secondary
logon if they belong to an access group- and we can not use anonymous access
becuase we have app that looks at the user ID that is accessing the site.
Everything works when accessing http://WEBISTE
