1

I've searched everywhere for this... I have a standalone IIS server, that is not a member of domain, connected to our network via VPN. There are several webpages running on this server, Sharepoint being one of them. I've configured local users&passwords that reflect those from domain, but still, when accessing sharepoint site, webbrowser requires authentication. Is there a way to disable this annoying behavior?

There's no problem with other sites: I simply configure anonymous access in IIS and grant IUSR_machinename access to the physical folder on disk. Doesn't work with WSS, tho.

Any ideas?

imagodei
  • 499
  • 1
  • 3
  • 13
  • Do you want anonymous access to the sharepoint site? I don't think that you can trick the integrated authentication thing. – Igal Serban Sep 09 '09 at 12:48
  • I guess not. I still need Sherepoint to recognize users. I would like Sharepoint/IIS to automatically recognize users from my domain and map them to local ones (those created on Server). Just like when you create user account on server and remote user trying to access it's resources from remote PC: as long as remote user credentials match user account on the server, this is possible (even though this isn't domain user account but rather there are two separate matching accounts). Hm... I hope I'm making myself clear there. :) – imagodei Sep 09 '09 at 13:20
  • So, does anyone knows answer to this one? Workarounds? – imagodei Sep 11 '09 at 11:47

3 Answers3

1

Without much work this is not possible if the server and client computers aren't in the same domain.

In a domain environment, authenticating for Sharepoint access the process in the background works roughly like this:

  • First you authenticate to domain controller
  • Domain controller assigns you a ticket
  • Web server checks your ticket

In non domain environment it is simply not trivial to configure such automatic authentication on a Serverside.

Workaround

You can configure automatic authentication on the client side by storing password in the browser or by configuring IE to authenticate with current user credentials.

Firefox: When navigating to Sharepoint site new dialog box opens up, asking for credentials. After you supply the credentials, a "dialog-line" appears at the top of Firefox browsing area, asking if user wants to store password. By selecting OK, credentials get stored. Next time visiting a site user simply confirms autocompleted form with Username/password.

IE: The approach mentioned for firefox didn't work for me. IE does offer to remember password, but even if you check this option, credentials don't get stored. (Maybe someone has solution for that).

The following is what does work: You add the site to Local Intranet Zone (Tools -> Internet options -> Security -> Local Intranet -> Sites -> Advanced). By default Security level is set up in the way that IE should attempt to authenticate you automatically using current user credentials. You can check that by clicking Custom level, then search for user authentication section. If either Automatic logon only in intranet zone or Automatic logon with current user name and password is selected, this shoud work.

Of course instead using Intranet zone you can add site in Trusted zone or somewhere else. Just make sure that Automatic logon with current user name and password options is selected.

imagodei
  • 499
  • 1
  • 3
  • 13
1

The answer is in your browser settings. You need to add your server to the Intranet zone and ensure that the setting is turned on for the Intranet zone that allows credentials to be passed under the covers. Here are the settings for IE7:

Local Intranet setting: Click tools --> Internet Options --> Security tab --> Local intranet --> Sites --> Advanced. Ensure that the checkbox is unchecked for “Require server verification…”. Then, type your server into the “Add this Web site to the zone:” box. Click Add --> OK --> OK --> OK. Then, follow the next important step.

Then, click tools --> Internet Options --> Security tab --> Local intranet --> Custom level --> on the very last setting under User Authentication Logon, select “Automatic logon only in Intranet zone” --> click OK --> OK.

That should do it!

0

Map domain users to local users? You do know that a domain user's username would be totally different to that of a local user. The difference being that a domain user's account would something like DOMAIN\USER, whereas a localuser would be MACHINENAME\USER?

To map these you would need to write your own AuthenticationProvider (which is a definite possibility, seein as SharePoint uses an auth. provider built using the Provider Pattern used throughout (ASP).NET for things like auth.

Creating you own provider can be a lot of work though.

Colin Dekker
  • 415
  • 4
  • 12
  • SIDs would be different, or rather - they are different, yes. Usernames per-se, even though they are in different domains, can be mapped over from one domain to another. A simple example would be a user working on a foreign client machine, trying to use network shared folders of domain member file server. If an account exists in domain with the same credentials as the local user of the foreign client machine, then the user will be able to get access to file server. Of course, strictly speaking, these are two distinct users with two distinct SIDs – imagodei Sep 13 '09 at 00:04