IIS7 redirection to SharePoint Site problem?

Question

I have a sharepoint site hosted on windows server 2008 r2 and iis7.

the sharepoint site is hosted on port 80.

when I browse the site by typing the IP of the machine I receive a login window asking for credentials to connect the Machine. after providing credentials another login window asks for credentials to connect to the sharepoint site.

my question is that when a user logs in to a sharepoint site he uses the credentials specified in the active directory, so why in my case I recieve the login window twice ?

thanks

Answer 1

Have you configured SPN (Service Principal Name)?

You'd better search internet on:

• "double hop",
• delegation vs. impersonation,
• SPN(Service Principal Name),
• computer trusted for delegation
• etc.

For ex.:

• Keith Brown. Security Briefs. Credentials and Delegation
• Configuring Kerberos Authentication in SharePoint 2010
• Configuring Kerberos for SharePoint 2007: Part 1 - Base Configuration for SharePoint
• http://www.windowsecurity.com/articles/Kerberos-Sharepoint-Environment.html
• http://support.dspanel.com/help4/Server_Configuration/Delegation.htm
• Essential Tips On Kerberos for SharePoint Deployers

---

-- Update1:
Might be I did not understand the distribution of machines between IIS, Sharepoint and the one to which you connect.
But, anyway, if you connect from outside of AD from untrusted source through untrusted channel from non-domained machine, then you are not authenticated by Kerberos used internally inside AD (between domained machines) through secured channels. Therefore, the authentication happens twice. First, through NTLM2 (from outside) and, then, for internal Kerberos mechanism. I know cases when it happens 10-20 times.