How to automatically log on to IIS by using NT Challenge/Response (264086)


The information in this article applies to:

  • Microsoft Internet Explorer 5.0 for Windows NT 4.0
  • Microsoft Internet Explorer 4.01 for Windows NT 4.0 SP 1
  • Microsoft Internet Explorer 4.01 for Windows NT 4.0 SP 2
  • Microsoft Internet Explorer 4.0 for Windows NT 4.0
  • Microsoft Internet Explorer 5.0 for Windows NT 3.51
  • Microsoft Internet Explorer 4.01 for Windows NT 3.51
  • Microsoft Internet Explorer 4.0 for Windows NT 3.51
  • Microsoft Internet Explorer 5.0 for Windows 98 Second Edition
  • Microsoft Internet Explorer 4.0 for Windows 98 Second Edition
  • Microsoft Internet Explorer 5.0 for Windows 98
  • Microsoft Internet Explorer 4.01 for Windows 98 SP 1
  • Microsoft Internet Explorer 4.01 for Windows 98 SP 2
  • Microsoft Internet Explorer 4.0 for Windows 98
  • Microsoft Internet Explorer 5.0 for Windows 95
  • Microsoft Internet Explorer 4.01 for Windows 95 SP 1
  • Microsoft Internet Explorer 4.01 for Windows 95 SP 2
  • Microsoft Internet Explorer 4.0 for Windows 95
  • Microsoft Internet Explorer 5.0 for Windows 3.1
  • Microsoft Internet Explorer 4.01 for Windows 3.1
  • Microsoft Internet Explorer 4.0 for Windows 3.1
  • Microsoft Internet Explorer 5.0 for Windows 2000
  • Microsoft Internet Explorer 4.01 for UNIX on Sun Solaris
  • Microsoft Internet Explorer 4.01 for UNIX on HPUX
  • Microsoft Internet Explorer 5.0 for Macintosh
  • Microsoft Internet Explorer 4.5 for Macintosh
  • Microsoft Internet Explorer 4.01 for Macintosh
  • Microsoft Internet Explorer 4.0 for Macintosh
  • Microsoft Internet Information Server 4.0
  • Microsoft Internet Information Services 5.0
  • Microsoft Internet Explorer 5.0 for UNIX on HPUX
  • Microsoft Internet Explorer 5.0 for UNIX on Sun Solaris
This article was previously published under Q264086
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx

SUMMARY

It is the responsibility of the user's Web browser to pass the user's credentials to an Internet Information Services (IIS) Web server. If Internet Explorer is configured properly, the browser can automatically log on to IIS using Windows NT Challenge/Response over HTTP with the user's currently-logged-on Microsoft Windows account.

MORE INFORMATION

The following conditions must be met for Internet Explorer to automatically log on to Internet Information Services using NT Challenge/Response over HTTP with the user's currently-logged-on Windows account:
  • Windows NT Challenge/Response (NTCR) authentication must be enabled and working on the target Web site, virtual directory, or file. You can enable NT Challenge/Response in the Internet Service Manager by selecting NT Challenge/Response authentication (IIS 4) or Integrated Windows authentication (IIS 5).

    Note Integrated Windows authentication (IIS5) includes both Kerberos authentication and Windows NT Challenge/Response authentication. For more information about how IIS authenticates browser clients, click the following article number to view the article in the Microsoft Knowledge Base:

    264921 How IIS authenticates browser clients

    Some network devices such as proxy servers will block NTCR authentication.
  • Microsoft Internet Explorer supports automatic logon. Other Web browsers may not support this feature.
  • The Internet Explorer security zone in which the target Web site appears must be set to Automatic logon only in Intranet zone (intranet) or Automatic logon with current username and password (internet/extranet). Automatic logon only in Intranet zone is the default setting for the Intranet security zone in Internet Explorer 5. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

    174360 How to use security zones in Internet Explorer

  • The user who is requesting the Web page must have appropriate file system (NTFS) permissions to the Web page as well as all of the objects referenced in the Web page. For example, a user may have full control permissions to a Web page but that user will be prompted for a password if he or she is denied access to a graphic in a secure folder.
Modification Type:MajorLast Reviewed:6/9/2006
Keywords:kbhowto KB264086
©2004 Microsoft Corporation. All rights reserved.