0

I need the following.

  • My Server 2012 with IIS 8 installed is in a workgroup.
  • Workstations are in a domain called 'hello.local'

I need for users in the domain 'hello.local', to be authenticated against the IIS on my Server 2012. This way, i can log who was on the website.

Which methods can i use? I'v read about NTLM and Kerberos, but never worked with it. Which do you prefer? And is this even possible if the server is in a workgroup?

Markie Mark
  • 1
  • 3

1 Answers1

0

It may be possible with a workgroup IIS server, but it would be VERY complex and much less secure.

NTLM will "just work" by default, if you turn off anon access and turn on windows integrate auth. Setting up kerberos is more secure but more work.

markgamache
  • 195
  • 4
  • The short version is that doing Windows Kerberos requires you to join a (/the) domain. Then it's all automatic and it'll just work. Without joining a domain, you might still be faced with authentication prompts from IE if you use a name with dots which isn't assigned to your Local Intranet Zone (but it should still work after the prompt) – TristanK Nov 22 '16 at 12:49
  • Thnx. Is this a good tutorial: https://blogs.msdn.microsoft.com/chiranth/2014/04/17/setting-up-kerberos-authentication-for-a-website-in-iis/ – Markie Mark Nov 22 '16 at 15:25