
I have an ASP.NET web application with Windows authentication set up, hosted on IIS8 on Domain-A. I have users from Domain-B who need access to the above application.

AFAIK, both these domains are in the same forest. I am not sure if they have a trust relationship set or not.

  • When a user of Domain-A logs in from a client (laptop) that is part of Domain-A with his/her Domain-A user ID, he/she is able to log in successfully.
  • When a user of Domain-B logs in from a client (laptop) that is part of Domain-A with his/her Domain-B user ID, he/she can't log in.
  • When a user of Domain-B logs in from a client (laptop) that is part of Domain-B with his/her Domain-B user ID, he/she can't log in.

Can someone help me understand this situation? Is this expected behavior of IIS? If yes, how can I make the above 3 scenarios successful?

Thanks in advance.

Jags
  • 'AFAIK, both these domains are in same forest. I am not sure if they have trust relationship set or not' We'll need a lot more information surrounding this. Two domains within a forest are very different to two domains with a trust - you'll need to find out exactly what the architecture is first – Dan Aug 30 '18 at 13:29
  • Sure. But is this a "deciding" factor of the above behavior I mentioned? – Jags Aug 30 '18 at 13:31
  • Yes, it is. This has nothing to do with IIS but with how the domain controllers interact between the two domains, i.e. how the trust relationships are set up. – Tommiie Aug 30 '18 at 13:48
  • Talk to your domain administrators, and the answer would be clear. What you observed can be desired and there seems to be no trust relationship. – Lex Li Aug 30 '18 at 15:10
  • Run 'nltest /domain_trusts' – spacenomyous Aug 30 '18 at 16:18
  • Domains in a forest by default have a transitive two-way trust. You need to provide that confirmation, and also provide what type of authentication the application is using (integrated or forms). You also need to provide the error that occurs. If the domains are within the same forest and have a two-way trust, integrated authentication should work. – Greg Askew Aug 30 '18 at 16:52

0 Answers