IIS permissions on multiple server

Gary Contois - 28 Jul 2008 20:13 GMT
I have seen similar questions but wanted to see if this would be possible.
We have two separate IIS servers with separate web sites. They both have
folders on the web sites that have the same permissions for both sites.

Would it be possible to sign in to the protected web folder on one site and
not have the browser request you to sign in on the second web site since you
have already signed into the first? I have read discussion regarding
'single sign on' but was not clear on it.

Thanks for any help.
Gary Contois

David Wang - 29 Jul 2008 04:07 GMT
On Jul 28, 12:13 pm, Gary Contois
<GaryCont...@discussions.microsoft.com> wrote:
> I have seen similar questions but wanted to see if this would be possible.
> We have two separate IIS servers with separate web sites. They both have
[quoted text clipped - 8 lines]
> --
> Gary Contois

Most authentication protocols only protect their own realm, scoped to
the website -- i.e. the login is valid only for its own website and
not another. That behavior is secure and by-design.

You'd have to use an authentication which supports "single sign on"
through multiple websites, like Windows LiveID, or create your own
protocol which either performs auto-login from the client or
delegation on the server, to get the behavior of "Single sign on".
You'd also need an authorization and ACL system that spans multiple
machines securely. You get this behavior with Windows Active Directory
and Kerberos. Or Windows LiveID. Or any third-party implementation.

FYI: Why would one website trust the sign-in performed by the other
website? Suppose the first website is "Hackers.com" -- would you want
the second website to blindly trust the first?

//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
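
The trust question raised in the reply above, as an added example that is not part of the original thread: a relying site accepts a sign-in assertion from another site only when that issuer is on its own allowlist and the assertion is signed, addressed to it, and unexpired. The site names, the shared key and the HMAC token format are assumptions made for illustration; this is not how Kerberos or Windows LiveID work internally.

```python
import base64, hashlib, hmac, json, time

# Constructed sample: the site name and key are hypothetical placeholders.
TRUSTED_ISSUERS = {"site-a.example": b"constructed-demo-key-shared-with-site-a"}

def _sign(key, body):
    mac = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_token(issuer, key, user, audience, ttl=300, now=None):
    """Login site: assert 'user signed in here', bound to one audience."""
    now = int(time.time()) if now is None else now
    claims = {"iss": issuer, "sub": user, "aud": audience, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + _sign(key, body)

def verify_token(token, audience, trusted=TRUSTED_ISSUERS, now=None):
    """Relying site: return the user name, or raise ValueError with a reason."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        raise ValueError("malformed token") from None
    if not isinstance(claims, dict) or not isinstance(claims.get("iss"), str):
        raise ValueError("malformed token")
    # The issuer claim only selects a key from the allowlist; it grants nothing.
    key = trusted.get(claims["iss"])
    if key is None:
        raise ValueError("issuer not trusted")
    if not hmac.compare_digest(_sign(key, body).encode(), sig.encode()):
        raise ValueError("bad signature")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp < now:
        raise ValueError("expired")
    return claims["sub"]
```

A token minted by a site that is not in `TRUSTED_ISSUERS` is rejected before any signature check, which is the "would you blindly trust the first website?" decision made explicit.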