Basic authentication. one user for each website on the server - iis-7

I have deployed 2 websites on a server (Windows Server 2008 R2 Standard).
I want to use Basic Windows authentication for them.
For that I enabled Basic Authentication in the IIS Manager.
I have created 2 users, one for each site.
How can I make it so that only User1 can access website1 and User2 can access website2?
Currently both users can access both websites. I just want 1 user for each.
Thanks a lot for any help.

Add/Edit an "Authorisation rule" for each website to Allow only the specific user you want the access given to.
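
The rule described in the answer, written as the web.config for website1 (an added example, not part of the original answer; it assumes the URL Authorization role service is installed, and `SERVER` is a placeholder for the machine or domain that owns the User1 account):

```xml
<!-- web.config in the root of website1 (constructed example) -->
<configuration>
  <system.webServer>
    <security>
      <authorization>
        <!-- Drop the inherited server-wide rule that allows all users ("*").
             While it is present, any account that passes Basic
             authentication is let in, which is the behaviour in the question. -->
        <remove users="*" roles="" verbs="" />
        <!-- Allow only this site's account. SERVER is a placeholder. -->
        <add accessType="Allow" users="SERVER\User1" />
      </authorization>
    </security>
  </system.webServer>
</configuration>
<!-- website2 gets the same file with users="SERVER\User2". -->
```

An authenticated account with no matching Allow rule is refused with a 401, so User2's valid credentials no longer open website1.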

Related

anonymous authentication on iis7 LOGON_USER is empty

I have an application on IIS7 using anonymous authentication. I want to retrieve the LOGON_USER from the server variables. It is currently empty. Microsoft suggests how to populate the values of server variables in this post.
But that is for iis5 & 6. How to do it in IIS7?
Actual problem I am trying to solve is: the application is for intranet and internet users and is a Sitecore application running on IIS7. If I use Windows authentication, I get the domain and username and I can bypass login for intranet users, but for external users, I need to have anonymous authentication also. Having both together will not populate values in the server variables. Have been going through many posts. Also this which says to use Forms and Windows authentication.
Not able to solve it properly.
Any help is appreciated. Thanks!!!

In order to track a user profile, the user will need an ASP.Net profile created.
There is programming involved to associate a Sitecore DMS/OMS visitor profile with an actual Asp.net profile. If you want to continue to track Sitecore user profile, you would have to use the Tracker.Visitor.ExternalUser and not iis to determine the current visitor on the internet site.

IIS 7 and Windows Authentication

We have IIS 7 running on the Windows 2008 Server which hosts many intranet websites. We want to use Windows authentication for the website and its URL will be http://pay.
So, I add the C:\InetPub\pay folder and bind it to the IIS7.
Disable the Anonymous Authentication mode.
Enable the Windows Authentication mode.
When I access the website http://pay from the other computer, I got the message that
Unauthorized You do not have permission to view this directory or page
using the credentials that you supplied.
So, I go to the Windows Explorer and Add the Local\IUSR account and give access to the folder. But I still got the same error.
Finally, I added Everyone account and give access to the folder. This time, it works and windows authentication is also working well.
What I am afraid is that, does it open the read access to Everyone to the \MyServer\C$\Inetpub\pay folder? It contains the web.config which contains server and users credential and it would be the big security breach.
How can I achieve to use Windows Authentication without giving access to Everyone account?
Thanks in advance.

I believe what you're looking for is the IIS_IUSRS group which you should give read access to your website folders when using Windows Authentication. The IUSR account you tried would be used in an Anonymous Authentication scenario.
More info on these groups in IIS7 here:
Understanding Built-In User and Group Accounts in IIS 7

cross domain integrated windows authentication in IIS for ASP.NET intranet website

I built an INTRANET ASP.NET website for which authentication is set to "integrated windows authentication" and in the authorization section of web.config, I have specified the AD groups (domain\groupname) to restrict the access to only the members of those AD groups. Multiple AD groups are specified in web.config (domain1\group1, domain2\group2 etc). Now this works fine for users of one domain, domain1 (where it is hosted), but users of another domain (domain2) get a prompt to enter their Windows credentials, and if they enter them, then it works and they can access the site without any problem. But I would like to avoid this login prompt, because I granted access to groups of both domains. Why are they getting this prompt and is it possible to suppress it? Do I need to configure something in IIS or web.config for it? Thanks in advance.

I believe users in Domain2 can add your website, hosted in Domain1, to their list of Intranet Sites in Internet Explorer->Internet Options->Security->Local Intranet Zone. This zone should automatically log on with the current user name and password. You could make this an AD policy.

I'm not sure that you can do this - I believe that users from outside the hosted domain will always be prompted for credentials with 'integrated' security.
You could probably use forms authentication to handle multiple domains. I am heading down the Windows Identity Foundation path myself (which I have no desire to learn) so I'd love for someone to tell me I'm wrong about this!

Pass user credentials between SharePoint web application and ASP.NET web application

I need to integrate my SharePoint site and ASP.NET site. So, first login will occur in the SharePoint site with Active Directory authentication and from there I need to traverse to the ASP.NET site through a link. Now my question is whether it's possible to pass my SharePoint Active Directory credentials to the ASP.NET site? Will I be able to do this through a query string? Will I be able to navigate to and fro between SharePoint and ASP.NET sites?
The main point here is the user should not enter his credentials twice (i.e. he should be authenticated automatically while navigating between two sites).
What are the options available for me?
Are these things possible to achieve? SharePoint will be hosted using Windows SharePoint Services 3.0.
Thanks in advance,
Is the ASP.NET site on the same network? If so, then you can use AD (Windows Auth) for authentication on the ASP.NET site just like you're using it on the SharePoint site. You don't need to pass the credentials, and you can't anyway since all you have is an authenticated identity. If you configure the ASP.NET site to require Windows Authentication, you'll be able to get the user's identity from the server variables (AUTH_USER).
See How to: Use Windows Authentication in ASP.NET 2.0

SharePoint AD user authenticate to another domain

I have a situation where I have to authenticate a SharePoint user to another website that is not part of the SharePoint domain without asking the user to log in again.
I have SharePoint as part of domain1. I have users in domain1 that log into SharePoint using NTLM by authenticating to domain1. I don't have any control over this domain and SharePoint configuration. I am working on an ASP.NET application which needs to authenticate users from domain1 without prompting users for login if they have already logged into the SharePoint server.
Is it possible to do? If yes, please let me know how I can do this. I may be able to install a webpart on the SharePoint if this allows me to do single sign-on between SharePoint and my application.

If your web side (asp pages) are in domain 2, you can do it as follows:
Configure domain 2 to trust domain 1.
Create a group with all users in domain 1 that you want to give access to your asp pages.
Configure your site to use Windows authentication.
Grant the user group access to your site.
In this case it will not actually matter if they have logged into SharePoint first or not.
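
The last two steps of the answer above, written as an ASP.NET web.config (an added example, not part of the original answer; `DOMAIN1\AspAppUsers` is a hypothetical name for the group created in the second step):

```xml
<!-- web.config of the ASP.NET application hosted in domain 2 (constructed example) -->
<configuration>
  <system.web>
    <!-- Take the caller's identity from IIS Windows authentication.
         Anonymous Authentication must be disabled for the site in IIS,
         otherwise no Windows identity is negotiated. -->
    <authentication mode="Windows" />
    <authorization>
      <!-- Rules are evaluated top to bottom and the first match wins.
           The group lives in domain 1 and is resolved through the trust;
           the name is hypothetical. -->
      <allow roles="DOMAIN1\AspAppUsers" />
      <!-- Everyone else, including other authenticated domain users. -->
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
```

These `system.web` rules apply to requests handled by ASP.NET; static files served directly by IIS are governed by IIS authorization rules and NTFS permissions.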
