发表新帖
发表新帖

Integrated Windows Authentication with IIS, Firefox and SQL Server

后端 未结
关注
3 930
佛祖请我去吃肉
佛祖请我去吃肉 2020-12-14 03:12

I have a web site running on IIS on my localhost. This web site has directory security set to only allow Integrated Windows Authentication. It is part of an intranet and nee

相关标签:
3条回答
  • 情话喂你
    2020-12-14 03:35

    IIS needs to pass a Kerberos ticket to SQL Server for this scenario to work. MSIE is picking up the workstation session ticket, whereas Firefox is negotiating its own authentication (and not Kerberos).

    Check out e.g. this dense blog post as a starting point for understanding what is needed. I'm not sure if FF support MS-Kerberos.

    Be aware that even getting MSIE->IIS->SQL Server authentication can be tricky if you have the wrong versions or trust configuration...

    0 讨论(0)
  • 甜味超标
    2020-12-14 03:38

    AS noted by Pontus Gagge, IIS needs to pass a Kerberos ticket to SQL Server. That was enough to tip my Google-fu in the right direction.

    Firefox supports Kerberos, but, you have to tell it which domains it trusts to send the Kerberos tokens too.

    1. Open Firefox
    2. In the address bar type: about:config
    3. Firefox3.x and later requires you to agree that you will proceed with caution.
    4. After the config page loads, in the filter box type: network.negotiate-auth
    5. Modify network.negotiate-auth.trusted-uris by double clicking the row and enter yourdomain.com
    6. Multiple domains can be added by comma delimiting them such as yourdomain.com, yourotherdomain.com

    Note: This is not the same as gbn's solution which just configures firefox to not prompt you to enter domain account details on login.

    Also, if you have already tried to authenticate through the stack in your current Firefox session, you will need to restart Firefox for this to work.

    0 讨论(0)
  • 梦谈多话
    2020-12-14 03:57
    1. Open Firefox
    2. In the address bar type: about:config
    3. Firefox3.x and later requires you to agree that you will proceed with caution.
    4. After the config page loads, in the filter box type: network.automatic
    5. Modify network.automatic-ntlm-auth.trusted-uris by double clicking the row and enter http://www.replacewithyoursite.com
    6. Multiple sites can be added by comma delimiting them such as http://www.replacewithyoursite.com, http://www.replacewithyourintranetsite.com

    I also use IEtab add-on for the intranet sites

    0 讨论(0)
 看不清?
提交回复
热议问题