accessing IWA secured website from Mac?

Discussion in 'ASP .Net Security' started by musosdev, Jun 8, 2007.

  1. musosdev

    musosdev Guest

    Hi everyone

    Having a little trouble with an intranet system we've developed.

    Basically, the Intranet uses IWA to automatically log the user in on our
    WIndows machines, using IE.

    We have a couple of PC laptops, and when you try and connect to the Intranet
    from those, it asks you for your domain password and lets you in. Fine.

    On our mac laptops however, which use Safari, it just doesn't let you
    anywhere near the site. Safari gives an "access denied" error, and if I
    enable "anonymouse access", that breaks out Intranet.

    What's the solution? Can we use a Mac to connect to the Intranet? Will
    Safari do it with some settings changes (if so, what are they?). Will an
    upgrade to Safari 2 work, or could we install Firefox 2 and presumably that
    work?!

    Thanks for any help you can give.

    Cheers



    Dan
     
    musosdev, Jun 8, 2007
    #1
    1. Advertising

  2. On Jun 8, 1:31 pm, musosdev <> wrote:
    > Hi everyone
    >
    > Having a little trouble with an intranet system we've developed.
    >
    > Basically, the Intranet uses IWA to automatically log the user in on our
    > WIndows machines, using IE.
    >
    > We have a couple of PC laptops, and when you try and connect to the Intranet
    > from those, it asks you for your domain password and lets you in. Fine.
    >
    > On our mac laptops however, which use Safari, it just doesn't let you
    > anywhere near the site. Safari gives an "access denied" error, and if I
    > enable "anonymouse access", that breaks out Intranet.
    >
    > What's the solution? Can we use a Mac to connect to the Intranet? Will
    > Safari do it with some settings changes (if so, what are they?). Will an
    > upgrade to Safari 2 work, or could we install Firefox 2 and presumably that
    > work?!
    >
    > Thanks for any help you can give.
    >
    > Cheers
    >
    > Dan


    Hi Dan

    that's a good question... As far as I can see in the documentation for
    WSS (Windows 2003 service, that used IWA) it will work with Safari 2.0
    and Firefox 1.5. I confirm that Firefox is working with IWA but I have
    never did tested it on Mac. Try to install the newest version of
    Safari browser...

    Cheers
     
    Alexey Smirnov, Jun 8, 2007
    #2
    1. Advertising

  3. Hi Dan,

    If some of your client machine are of non-windows or non-IE browser, and
    server application in IIS require windows specific authenticaiton, I think
    you may consider the followings:

    1. Still use "integrated windows" authentication at server-side, however,
    you need to enable "anonymous" so as to avoid the client-side supply
    security token or credential info.

    2. You can also use basic authentication if this is an intranet
    application. Basic authentication is a http standard and is supported by
    most web browsers. Also, in IIS you can configure the basic authentication
    to mapp the authenticated user (through prompted username/password
    credentials) to a cerrtain windows identity(of server or domain).

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead



    ==================================================

    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    ications.



    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at
    http://msdn.microsoft.com/subscriptions/support/default.aspx.

    ==================================================


    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Jun 11, 2007
    #3
  4. musosdev

    musosdev Guest

    Thanks for the reply.

    I don' think either of those are feasible to be honest, as we rely on
    knowing the authenticated user for security purposes within our system - so
    using basic or anonymous will be a bit of a problem (as I understand it?).

    Using IE on the Mac works, although it gives a weird error saying it can't
    access "http://intranet/(s(..sessionID..))/StartPage.aspx" - weird because if
    you reload the page, it works?!

    Anyone got any ideas on this!?

    Tnx, Dan.


    "Steven Cheng[MSFT]" wrote:

    > Hi Dan,
    >
    > If some of your client machine are of non-windows or non-IE browser, and
    > server application in IIS require windows specific authenticaiton, I think
    > you may consider the followings:
    >
    > 1. Still use "integrated windows" authentication at server-side, however,
    > you need to enable "anonymous" so as to avoid the client-side supply
    > security token or credential info.
    >
    > 2. You can also use basic authentication if this is an intranet
    > application. Basic authentication is a http standard and is supported by
    > most web browsers. Also, in IIS you can configure the basic authentication
    > to mapp the authenticated user (through prompted username/password
    > credentials) to a cerrtain windows identity(of server or domain).
    >
    > Sincerely,
    >
    > Steven Cheng
    >
    > Microsoft MSDN Online Support Lead
    >
    >
    >
    > ==================================================
    >
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    > ications.
    >
    >
    >
    > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    > where an initial response from the community or a Microsoft Support
    > Engineer within 1 business day is acceptable. Please note that each follow
    > up response may take approximately 2 business days as the support
    > professional working with you may need further investigation to reach the
    > most efficient resolution. The offering is not appropriate for situations
    > that require urgent, real-time or phone-based interactions or complex
    > project analysis and dump analysis issues. Issues of this nature are best
    > handled working with a dedicated Microsoft Support Engineer by contacting
    > Microsoft Customer Support Services (CSS) at
    > http://msdn.microsoft.com/subscriptions/support/default.aspx.
    >
    > ==================================================
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    >
     
    musosdev, Jun 12, 2007
    #4
  5. Thanks for your reply Dan,

    As your webserver is using windows authentication, it will requre client
    browser to use either NTLM or kerberos protocol to transfer the security
    context(token or credentials), for non-IE webbrowser, I'm afraid they're
    not expected to fully support windows specific authentication feature.
    That's why basic authentication is commonly used in non-windows, non-IE
    scenarios. If you do need to use windows interaged authentication at
    server-side, using IE is the expected approach.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Jun 13, 2007
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. VB Programmer
    Replies:
    2
    Views:
    364
    Michael Evanchik
    Nov 10, 2003
  2. Replies:
    1
    Views:
    495
    Nicole Calinoiu
    May 15, 2006
  3. Parag Gaikwad

    Use Forms to Logon to IWA website

    Parag Gaikwad, Apr 24, 2007, in forum: ASP .Net Security
    Replies:
    2
    Views:
    132
    Parag Gaikwad
    Jul 4, 2007
  4. Joe

    Question about secured website

    Joe, Sep 20, 2005, in forum: ASP General
    Replies:
    2
    Views:
    125
    Bullschmidt
    Sep 21, 2005
  5. Daniel Frechette
    Replies:
    2
    Views:
    197
    Thomas 'PointedEars' Lahn
    Apr 10, 2006
Loading...

Share This Page