That value is whatever SSPI gives IIS. SSPI is the security subsystem that
does the whole Integrated Authentication handshake. Literally, it is a black
box to IIS, and IIS simply follows the instructions, asking for more info as
the black box asks, etc, until it says success or failure, at which point
IIS can call another API to obtain the "user name".
Personally, I would use AUTH_USER.
FYI: all your questions actually have very little to do with IIS and a lot
to do with how overall Windows Security is configured on both the server and
client since it affects authentication protocol negotiation.
--
//David
IIS
http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights.
//
[quoted text, click to view] "Matt" <Matt@discussions.microsoft.com> wrote in message
news:184BD16C-AAE6-4BF9-BBC3-9A65BBC0EE6D@microsoft.com...
Thanks for your reply.
Logging in is fine as user@upn-suffix.
However, when you use something in ASP such as
Response.Write(Request.ServerVariables("remote_user")) the output is written
out as:
Domain\user@upn-suffix.
Is this right?
[quoted text, click to view] "Ken Schaefer" wrote:
> Users need to enter their name as either:
>
> Domain\Username
> -or-
> user@upn-suffix (where upn-suffix is a user-principal-name suffix defined
in
> Active Directory - I would check that the user is entering a valid AD
> upn-suffix)
>
> Cheers
> Ken
>
> "Matt" <Matt@discussions.microsoft.com> wrote in message
> news:D41C4808-1B05-4F35-ADFF-2387B0457B47@microsoft.com...
> > Hello,
> > We have a number of intranet sites running on a Win2k IIS5 machine, and
we
> > use Integrated authentication to identify users. When logging into one
of
> > these sites from a Win2k client, users are presented with a username,
> > password and domain box. They enter their username and password and can
> > leave the domain empty and they are logged in.
> >
> > However, from an XP machine (from RTM to SP1 and 2), a username and
> > password
> > box appears (no domain). They enter their username and password, but it
> > changes the username to fullyqualifieddomain.com\username. They have to
> > login using username@mydomain.com.
> >
> > Since upgrading the webserver to Win2k SP4, it now sees XP users as
> > DOMAIN\username@mydomain.com. The 2k users are unaffected.
> >
> > Am I missing something really simple or not doing something right? Any
> > suggestions and guidance would be grately appreciated.
> >
> > Many thanks in advance.
>
>
>
