0

I have two websites. One is an "intranet," one is a public site that has "admin" areas:

www.example-intranet.com
www.example.com

They are both running on the same IIS 6 box.

www.example-intranet.com is password protected. That is, in IIS I've removed "anonymous access," I've checked "Basic authentication" and I've put in our AD server for the "Default domain." This part works fine.

Now, I want to do the same for www.example.com/admin. I thought I could follow the same steps (remove "anonymous access," add "basic authentication," and add the "default domain." However, users are being forced to log in twice (once for the intranet site, and then again when they go to www.example.com/admin.

It seems like the two sites are not "sharing" the login. How do I get this to work?

Massimo
  • 70,200
  • 57
  • 200
  • 323
anon
  • 404
  • 1
  • 5
  • 15
  • What you are asking for is called "single sign-on"; I've changed the question title to reflect this. – Massimo Jul 25 '11 at 16:27

1 Answers1

1

You should try using "integrated windows authentication" instead of "basic authentication". This is by no means a full single sign-on solution, but in this case, being the two sites on the same server, it should work for you.

Massimo
  • 70,200
  • 57
  • 200
  • 323
  • My understanding of basic authentication is that it should be avoided because the credentials are transmitted in plain text. So switching to integrated won't fix my single sign-on problem? – anon Jul 25 '11 at 16:54
  • You are right in saying that basic authentication should be avoided for exactly this reason; but also integrated authentication establishes a NTLM channel between the client and the server, which *should* remain active if you switch to a different website on the same box (not personally tested, but it's worth trying). – Massimo Jul 25 '11 at 16:58
  • Also, if you are logging on from a domain-joined computer, the user will not need to authenticate *at all*, because his/her domain credentials will be used automatically. – Massimo Jul 25 '11 at 16:59
  • That depends on the browser being used. IE for instance will require the the site be added to the trusted sites list before SSO is possible. – Tatas Jul 25 '11 at 18:49
  • @Massimo -- I tried switching to Integrated Authentication. No joy =( – anon Jul 26 '11 at 19:01