iis security: IIS Multiple Web Server -- iis security

IIS Multiple Web Server

bertrand NO[at]SPAM 3pp.ch
2/3/2005 2:03:06 AM

iis security:

Hi all

I have a question about my IIS installation, in fact I have 2 web
servers on Windows 2003. I have basic authentication on both, I need
to check only 1 time User & Password.

When a user try to connect to my https://webserver1 he needs to give
User info. On this site we have a link (https://webserver2) to the
other site and I have to go on with the same user and password.

Can you help me...

Re: IIS Multiple Web Server

Ken Schaefer
2/3/2005 9:45:31 PM

Unfortunately this generally isn't possible. Why? Because it's a security
risk to the user. When using Basic authentication, the user's username and
password is sent in clear-text to the webserver. Who ever runs the webserver
can thus read the user's password. So the browser never automatically sends
the credentials to the server - just in case the user doesn't want to. The
user must instead choose to manually send their credentials.

To enable auto-logon, you need to follow the requirements here:
http://support.microsoft.com/?id=258063

Cheers
Ken

[quoted text, click to view]