Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Forcing authentication

  Asked By: Hunter    Date: Aug 12    Category: Sharepoint    Views: 2534

Is it possible to force the authentication dialog in IE to appear when a
person enters SharePoint?



5 Answers Found

Answer #1    Answered By: Bobbie Rodgers     Answered On: Aug 12

Yes. If you use Basic authentication  then u can give a popup to user
when ever he/she visits the site.

But there is a security problem that username and password will be sent
in a plain text format. If ur having SSL u can happily go with this.

Answer #2    Answered By: Bhumi Gokhale     Answered On: Aug 12

In IE go to tools--> Internet options --> Security --> custom level -->
scroll down to User authentication  -- enable prompt for username /pwd.

Answer #3    Answered By: Davon Henson     Answered On: Aug 12

Can someone help me with this?

Internal DNS: http://myweb <http://myweb/> points to the internal address,

External DNS: http://myweb.joe.com" target="_blank" rel="nofollow">http://myweb.joe.com <http://myweb.joe.com" target="_blank" rel="nofollow">http://myweb.joe.com/> points to the
external facing proxy server.

When people from inside the network go to http://myweb , they don't get
prompted, since it looks at the windows login screen. That is great and I
want it that way.

But if they go to http://myweb.joe.com" target="_blank" rel="nofollow">http://myweb.joe.com <http://myweb.joe.com" target="_blank" rel="nofollow">http://myweb.joe.com/> or anything
that is statically href with a pretense of http://myweb/joe.com/" target="_blank" rel="nofollow">http://myweb/joe.com/*
<http://myweb/joe.com/" target="_blank" rel="nofollow">http://myweb/joe.com/*> , it will prompt them for a username and password,
which I don't want to happen. How can I fix that? I can't change the href
preference to start with http:/myweb/* because then external users (remote)
will not be able to view that page.

Answer #4    Answered By: Matt Prince     Answered On: Aug 12

There isn't a reliable way to do what you want. Internal users are not prompted
for authentication  for 2 reasons:

1) They are using NTLM authentication
2) The http://myweb/ URL is part of the Local Zone and IE sends authentication
automatically by default.

The external users are being prompted for one or both of the following

1) They are using Basic authentication
2) The http://myweb.joe.com/ URL is part of the Internet Zone and IE does NOT
send authentication automatically by default

For #1 there is no guarenteed fix - you can try forcing  NTLM, but many
firewalls don't allow it, and Basic cannot authenticate without a prompt. For
#2, you'd need to change a setting in IE for every user, adding the URL to the
trusted sites list in IE.

Answer #5    Answered By: Brooks Bond     Answered On: Aug 12

As far as adding URLs to trusted sites list in IE, group policy is the best
way to go, if you can...
Here is how:

Method 2: Use Group Policy to Add the SitesCreate a policy to add the
Office Web sites to the *Trusted sites* zone. To do this, you can create a
local policy, or you can create a domain or organizational unit policy. To
create a policy in your domain: 1. Log on to a domain controller, and then
start the Active Directory Users and Computers utility. 2. Right-click the
domain or Organizational Unit where you want to create the Group Policy
object, and then click *Properties*. 3. Click the *Group Policy* tab, and
then click *New*. 4. Type a descriptive name in the *New Group Policy
Object* box (for example, type OfficeUpdate policy), and then press ENTER.
5. If you want to prevent this policy from being applied to certain users or
groups: a. Click *Properties*, and then click the *Security* tab. b. Add
the user or group that you want to *prevent* from having this policy
applied. c. For that user or group, click to clear the *Read* and the *Apply
Group Policy* check boxes in the *Allow* column of the *Permissions for
Authenticated Users* list. d. Click *OK*. 6. Click *Edit*. 7. Under *User
Configuration*, expand *Windows Settings*, expand *Internet Explorer
Maintenance*, and then click *Security*. 8. In the right pane,
right-click *Security
Zones and Content Ratings*, and then click *Properties*. 9. Click *Import
the current security zones and privacy settings*, click *Continue* after you
read the message stating that these settings will be ignored on computers
that do not have the enhanced security configuration feature enabled, and
then click *Modify Settings*. 10. Click *Trusted sites*, and then click *
Sites*. 11. In the *Add this Web site to the zone* box, type
http://officeupdate.microsoft.com, and then click *Add*. 12. In the *Add
this Web site to the zone* box, type http://office.microsoft.com, and then
click *Add*. 13. Click *Close*, and then click *OK*. 14. In the *Security
Zones and Content Ratings* dialog  box, click *OK*. 15. On the *File* menu,
click *Exit*. 16. Click *Close*, and then permit sufficient time for the
policy to propagate throughout the domain.
from here - support.microsoft.com/default.aspx

Didn't find what you were looking for? Find more on Forcing authentication Or get search suggestion and latest updates.