accessing IWA secured website from Mac?

[musosdev]

Hi everyone

Having a little trouble with an intranet system we've developed.

Basically, the Intranet uses IWA to automatically log the user in on our
WIndows machines, using IE.

We have a couple of PC laptops, and when you try and connect to the Intranet
from those, it asks you for your domain password and lets you in. Fine.

On our mac laptops however, which use Safari, it just doesn't let you
anywhere near the site. Safari gives an "access denied" error, and if I
enable "anonymouse access", that breaks out Intranet.

What's the solution? Can we use a Mac to connect to the Intranet? Will
Safari do it with some settings changes (if so, what are they?). Will an
upgrade to Safari 2 work, or could we install Firefox 2 and presumably that
work?!

Thanks for any help you can give.

Cheers



Dan

 

[Guest]

Hi everyone

Having a little trouble with an intranet system we've developed.

Basically, the Intranet uses IWA to automatically log the user in on our
WIndows machines, using IE.

We have a couple of PC laptops, and when you try and connect to the Intranet
from those, it asks you for your domain password and lets you in. Fine.

On our mac laptops however, which use Safari, it just doesn't let you
anywhere near the site. Safari gives an "access denied" error, and if I
enable "anonymouse access", that breaks out Intranet.

What's the solution? Can we use a Mac to connect to the Intranet? Will
Safari do it with some settings changes (if so, what are they?). Will an
upgrade to Safari 2 work, or could we install Firefox 2 and presumably that
work?!

Thanks for any help you can give.

Cheers

Dan

Hi Dan

that's a good question... As far as I can see in the documentation for
WSS (Windows 2003 service, that used IWA) it will work with Safari 2.0
and Firefox 1.5. I confirm that Firefox is working with IWA but I have
never did tested it on Mac. Try to install the newest version of
Safari browser...

Cheers

 

[Steven Cheng[MSFT]]

Hi Dan,

If some of your client machine are of non-windows or non-IE browser, and
server application in IIS require windows specific authenticaiton, I think
you may consider the followings:

1. Still use "integrated windows" authentication at server-side, however,
you need to enable "anonymous" so as to avoid the client-side supply
security token or credential info.

2. You can also use basic authentication if this is an intranet
application. Basic authentication is a http standard and is supported by
most web browsers. Also, in IIS you can configure the basic authentication
to mapp the authenticated user (through prompted username/password
credentials) to a cerrtain windows identity(of server or domain).

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.

 

[musosdev]

Thanks for the reply.

I don' think either of those are feasible to be honest, as we rely on
knowing the authenticated user for security purposes within our system - so
using basic or anonymous will be a bit of a problem (as I understand it?).

Using IE on the Mac works, although it gives a weird error saying it can't
access "http://intranet/(s(..sessionID..))/StartPage.aspx" - weird because if
you reload the page, it works?!

Anyone got any ideas on this!?

Tnx, Dan.

 

[Steven Cheng[MSFT]]

Thanks for your reply Dan,

As your webserver is using windows authentication, it will requre client
browser to use either NTLM or kerberos protocol to transfer the security
context(token or credentials), for non-IE webbrowser, I'm afraid they're
not expected to fully support windows specific authentication feature.
That's why basic authentication is commonly used in non-windows, non-IE
scenarios. If you do need to use windows interaged authentication at
server-side, using IE is the expected approach.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.