"David Wang [Msft]" wrote:
> The issue is not a matter of "getting rid of the password prompt" or
> "achieving SSO". The issue is security and delegation, and what you are
> asking for is insecure behavior. Since the protocols you use are secure,
> your insecure behavior is not allowed.
>
> You are accessing two different websites thus two different connections as
> far as the authentication protocol is concerned.
>
> So why should the client auto-authenticate between two different websites.
> Also, why should one website trust the auto-authentication of another
> website that has no trust-relationship. With no relationship between the
> websites, one could be good-guy.com and the other is bad-guy.com . Why
> should good-guy.com trust the authentication from bad-guy.com? Why should
> the browser auto-authenticate with bad-guy.com simply because it
> auto-authenticated with good-guy.com?
>
> Read the SSO-related entries to understand what is going on.
>
http://blogs.msdn.com/david.wang/archive/2005/07/06/SSO_ISAPI_Considerations_2.aspx
>
> --
> //David
> IIS
>
http://blogs.msdn.com/David.Wang > This posting is provided "AS IS" with no warranties, and confers no rights.
> //
> "StoreThomas" <StoreThomas@discussions.microsoft.com> wrote in message
> news:1F476174-CC17-4856-9919-C82C9E6C35BD@microsoft.com...
> Hi!
>
> I've got a problem on a SBS 2003 running sharepointsites on a IIS 6.
>
> The server has two seperate sites configured. intranet.site1.dk and
> intranet.site2.dk. Actually is also has companyweb and a lot of other stuff
> configured too.
>
> Ok the thing is that I've configured the sites to use Windows Authentication
> as I have with companyweb. When I access companyweb I'm acces the site
> without a password prompt, but as soon as I try to acces one of the
> intranet.siteX.dk sites I'm promptet for a password. I then put in the right
> username and password and logs on, but I need to get the password prompt
> removed so it works just like companyweb without an anoying prompt.
> (needless
> to say that I should still be prompted for username/password when I acces
> the
> sites from a computer that's not logged on to the domain)
>
> The sites are configured with host headers (intranet.site1.dk and
> intranet.site2.dk). I've tried to put in a host header that leaves out the
> siteX.dk part so that I can access it by just typing the forst part - f.ex.
> "intranet1" (remembered to update dns server) and then I lock on to the
> sites
> WITHOUT a password prompt. Also tried with the "hosts" files with exactly
> the
> same result as described above.
>
> How can I fix this problem when I still wanna keep the siteX.dk part so that
> I'm able to log on to the sites from another internet connected site?
>
> Any help would be much appreciated
>
>
> Best Regards
> Thomas
>
>
