IIS windows authentication - accessing from different domain

Report · Aug 18, 2009

HI Guys,

I'm having trouble setting up an intranet with windows authentication, for users on the domain it works fine, but I need to give access to the intranet for people on a different domain.

Currently, I point a url to an anonymous access version of the site, where everyone can access.

A different url points to a windows authentication version of the site. This works, but the problem is I have to keep giving out 2 different URL's to users depending upon their location.

Is there a way in IIS I can tell wether a user is on the domain and redirect them appropriately to the correct version of the site? If users not on the domain try and access the windows authentication version of the site, they get a username and password prompt.

Can anyone think of the best way to do this?

Thanks in advance

Report · Aug 19, 2009

Would it be possible to use CF somehow, to tell if a user is on the domain?

Or use just one URL? For anaonymouse access and windows authenication?

Thanks in advance

Report · Aug 19, 2009

You could possibly do it through CF, take a look at http://livedocs.adobe.com/coldfusion/6/CFML_Reference/Expressions5.htm and see if that would help. I use the CGI.AUTH_USER for auditing purposes and that gives you the DOMAIN\UserName

Report · Aug 20, 2009

Thanks very much for your reply.

The problem with using the CGI variables is you need to have windows authentication enabled from what I understand.

I'm directing users who aren't on the domain by pointing a URL to an IIS header, which directs them to a anon access version of the site with no authentication.

Ideally I'd like to point users to a homepage using a single address, and then somehow redirect them to the approiate version of the site.

Currently I'm giving out 2 URLs.

for network users:

http://intranet - which logs them in using windows auth.

for users outside.

http://nww.intranet.xxxx.xxx.xx which points them to an anon access version of the intranet

Any help much appreciated.

Report · Aug 21, 2009

The following should work with some modifications. Most time a network will have similar ip address for different areas. This let me to build this example. I am not saying this is the best way to do it, but it is a way. You will need to know the dns range of where people using windows authentication will be coming from, generally and internal ip such as a 192.168... or a 172.... I did my example as only myself from my local host was going to be directed to the intranet site. Since my local host sees me as 127.0.0.1 I just checked the first two quadrants. You can customize this to fit what ever you need. To my knowledge the CGI variable is a sever variable thus unless you disabled them, should always be accessable.

</cfif>

Report · Aug 24, 2009

thanks very much for your reply.

I'll give it a go and let you know how I get on.

Thanks again

IIS windows authentication - accessing from different domain

Photos