List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] [ intergrating IIS with ADS]--ken was right

Prev Next

You are not authorized to post a reply.

Author

Messages

sbdcunha

Posts:52

05/31/2009 7:54 PM
Dear Ken, machine - even non-Windows machines (i.e. no concept of a >> domain). There is no facility in HTTP for a web server to >> know what a user logged on to - only what credentials the >> user is sending as part of the request. you were right. i ma sorry for the bother a username and password dialog pops up but if i specify a the domainname/username and password it works OK also if a user log into the domain a username and password dialog does not pop up. sorry for the bother. but i was jus trying to wreck my brain on the following.. is there any way i could allow internet and local intranet web sites only to users if the log onto the domain and if the dont logonto the domain they are denied access so as to say force log on to the ADS server is the above possible apprecite your help > ________________________________________ > From: activedir-owner@mail.activedir.org > [activedir-owner@mail.activedir.org] On Behalf Of Dave Wade > [dave.wade@stockport.gov.uk] > Sent: Thursday, 28 May 2009 5:46 PM > To: activedir@mail.activedir.org > Subject: RE: [ActiveDir] intergrating IIS with ADS] > >> -----Original Message----- >> From: activedir-owner@mail.activedir.org >> [mailto:activedir-owner@mail.activedir.org] On Behalf Of Ken Schaefer >> Sent: 28 May 2009 05:59 >> To: activedir@mail.activedir.org >> Subject: RE: [ActiveDir] intergrating IIS with ADS] >> >> Hi, >> >> Please re-read the article you linked to. It says, right at the top: >> >> ==BEGIN QUOTE== >> The clients that have joined theWindows domain will need no >> password to access the internet by squid server; other >> clientsthat have not joined the Windows domain will need to >> input password to access the internetby squid server ==END QUOTE== >> >> A user who supplies valid domain credentials should be able >> to get through the proxy, regardless of what credentials >> where used to logon to the local workstation. That is the way >> that HTTP works - the HTTP protocol works for any type of >> machine - even non-Windows machines (i.e. no concept of a >> domain). There is no facility in HTTP for a web server to >> know what a user logged on to - only what credentials the >> user is sending as part of the request. >> > > This is true BUT Internet Explorer does have the facility to provide > "pass through" authentication to Proxy servers and web sites. > > > KS> All popular browsers (IE, Firefox etc) can be configured to > automatically send the credentials of the currently logged on user. > However if a 401 is generated the user would be prompted to supply > alternate credentials. I don't think that this type of "auto logon" is > what OP is looking for... > > Cheers > Ken > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- Network ADMIN ------------- KUWAIT MUNICIPALITY: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

You are not authorized to post a reply.

Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] [ intergrating IIS with ADS]--ken was right

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads