Microsoft KB Archive/264086

= How to automatically log on to IIS by using NT Challenge/Response =

Article ID: 264086

Article Last Modified on 1/27/2007

-

APPLIES TO


 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 4.01 Service Pack 1
 * Microsoft Internet Explorer 4.01 Service Pack 2
 * Microsoft Internet Explorer 4.0 128-Bit Edition
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 4.01 128-Bit Edition
 * Microsoft Internet Explorer 4.0 128-Bit Edition
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 4.0 128-Bit Edition
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 4.01 Service Pack 1
 * Microsoft Internet Explorer 4.01 Service Pack 2
 * Microsoft Internet Explorer 4.0 128-Bit Edition
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 4.01 Service Pack 1
 * Microsoft Internet Explorer 4.01 Service Pack 2
 * Microsoft Internet Explorer 4.0 128-Bit Edition
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 4.01 128-Bit Edition
 * Microsoft Internet Explorer 4.0 128-Bit Edition
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 4.0 for UNIX
 * Microsoft Internet Explorer 4.01
 * Microsoft Internet Explorer 5.0 for Macintosh
 * Microsoft Internet Explorer 4.5 for Macintosh
 * Microsoft Internet Explorer 4.01 for Macintosh
 * Microsoft Internet Explorer 4.0 for Macintosh
 * Microsoft Internet Information Server 4.0
 * Microsoft Internet Information Services 5.0
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 5.0

-



This article was previously published under Q264086



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SUMMARY
It is the responsibility of the user's Web browser to pass the user's credentials to an Internet Information Services (IIS) Web server. If Internet Explorer is configured properly, the browser can automatically log on to IIS using Windows NT Challenge/Response over HTTP with the user's currently-logged-on Microsoft Windows account.



MORE INFORMATION
The following conditions must be met for Internet Explorer to automatically log on to Internet Information Services using NT Challenge/Response over HTTP with the user's currently-logged-on Windows account:  Windows NT Challenge/Response (NTCR) authentication must be enabled and working on the target Web site, virtual directory, or file. You can enable NT Challenge/Response in the Internet Service Manager by selecting NT Challenge/Response authentication (IIS 4) or Integrated Windows authentication (IIS 5).

Note Integrated Windows authentication (IIS5) includes both Kerberos authentication and Windows NT Challenge/Response authentication. For more information about how IIS authenticates browser clients, click the following article number to view the article in the Microsoft Knowledge Base:

264921 How IIS authenticates browser clients

Some network devices such as proxy servers will block NTCR authentication. Microsoft Internet Explorer supports automatic logon. Other Web browsers may not support this feature. The Internet Explorer security zone in which the target Web site appears must be set to Automatic logon only in Intranet zone (intranet) or Automatic logon with current username and password (internet/extranet). Automatic logon only in Intranet zone is the default setting for the Intranet security zone in Internet Explorer 5. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

174360 How to use security zones in Internet Explorer

 The user who is requesting the Web page must have appropriate file system (NTFS) permissions to the Web page as well as all of the objects referenced in the Web page. For example, a user may have full control permissions to a Web page but that user will be prompted for a password if he or she is denied access to a graphic in a secure folder.

Keywords: kbhowto KB264086

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.