Single sign on via network connection

Hi there, I have a single sign on issue using windows xp and internet explorer.

Under normal circumstances, my computer is connected to our local area network. My computer is part of our active directory structure and my username also belongs to the active directory. When I start internet explorer and navigate to our intranet, I will be identified and authenticated by this website via a single sign on mechanism. (With my username, I am logged on with). And everything works fine!

Now assume, that I am on business trip. I am not connected to the LAN and therefore logged on by my cached profile on my computer. (Same username as before). Then I connect my computer to an external provider

by setting up a network connection with an appropriate username and password.

Additionally I set up a VPN tunnel to the LAN of my company.

Now, when I start the internet explorer and navigate to the intranet-web-page, the single sign on fails and I will be promted with an authentication window. And the strange thing is, that the username which is already placed within the form, isn't the username I am logged on with (my cached profile), but the username of the network connection I need to connect my computer to the external provider.

I already did some searches within the filesystem and the registry, but

I nowhere found this username... And I also had absolute no idea, how to configure my windows in the way

to use my username I am logged on with, instead of this username which belongs to the network connection.

I would be more than happy, if somebody could give me a hint... !!!!

Thanks in advance, Josch

Reply to
josch67
Loading thread data ...

Single Sign-On is an issue for itself, as well as MSIE is.

The mysteries of NTLM authentication will never be uncovered. Oh wait, there's some documentation telling exactly why it is so...

Sadly, no one ever remembers RTFM.

Reply to
Sebastian Gottschalk

The reason, why I ventured to asked, is exactly because I didn't find any hint or solution in the documentations I dispose of. (Searching MS Technet articles primarily)

And as far as I can judge, I just asked in a friendly manner. So if there are some people who probably think "what kind of stupid things this guy is asking" just do not reply! Save your time for writing and my time for reading things who doesn't help either the writer nor the reader...

But I would be still more than happy if someone could give me a hint (also just a hint which documentation probably could help)!

Thanks in advance, Josch

Sebastian Gottschalk schrieb:

Reply to
josch67

The problem is that you're first authenticating locally and then just tunneling to your network. What you actually need is to login remotely, f.e. with Remote Desktop.

And you should stop depending on NTLM authentication for webbrowsers. The implementation in Mozilla/Firefox sucks, Opera doesn't support it at all, and MSIE is totally f***ed up about any HTTP authentication scheme.

Reply to
Sebastian Gottschalk

Is there something wrong with asking your support people at your job for help? Why are you not asking someone there for help?

Duane :)

Reply to
Duane Arnold

The Web server is making you authenticate your credentials. I would assume that it knows the difference between a machine that is physically on the LAN on the Intranet trying to make the connection to the Web server as opposed to you doing it remotely through some VPN connection and you're not really on the trusted LAN domain, with the connection being made over the Internet.

In any event, you should be asking your support people at your job as to why it is so.

Duane :)

Reply to
Duane Arnold

The complete behaviour depends on your network setup. What are you doing exactly?

Yours, VB.

Reply to
Volker Birk

Hi all,

I just found a microsoft technet article which desribes the problem. (Including an appropriate solution).

formatting link
Thanks for all tips anyway!

Regards, Josch

Volker Birk schrieb:

Reply to
josch67

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.