Integrated Authentication does not work with domain name


 

This is an easy one, but we got cases like this every now and then… maybe worth repeating.

If you use Windows Integrated Authentication in IIS, everything works fine if you browse "http://netbiosname", but Integrated Authentication fails is you browse "http://dnsname". Why?

Because if the DNS machine name contains a dot ("."), the web site automatically belongs to the "Internet" zone, and by default IE does not sent the account credentials.

How to solve this? Easy, you have two options:

  1. Add the URL to the "Trusted Sites" in Internet Explorer
  2. Modify the security parameter to allow "Automatic logon with current user name and password" (Control Panel -> Internet Options -> Security tab -> Internet -> Custom level…)

    internet security zone settings

Update:
By the way, I forgot to mention that this is also true if you use the IP address instead of the netbios name: e.g. http://xxx.xxx.xxx.xxx

 

Cheers

Comments (2)

  1. Tad says:

    You can also just add http://*.domain.com to take care of all your domain’s sites.

  2. Yep, nice variation of point 1., thanks 🙂

Skip to main content