Enabling Integrated Windows Authentication

By default, Directory Update and Directory Manager use forms-based authentication, but both applications support Integrated Windows Authentication (IWA), sometimes also called single sign-on or pass-through authentication. When Windows Authentication is enabled, users are logged on to the web site automatically as soon as they visit it; their web browser uses the credentials of their current Windows session.

Integrated Windows Authentication Requirements

In order for IWA to work properly, the following requirements must be met.

For more information, see the following sites and articles:

Note that administrators may see an issue with Directory Update when they have a connection (such as a mapped drive) to the IIS server using alternate credentials such as an administrative account.

Enabling IWA for Directory Update and Directory Manager

Enabling IWA for Directory Update and Directory Manager is a simple matter of editing the application's Web.Config file. The Web.Config file is found in the root folder of the application, such as c:\inetpub\wwwroot\directoryupdate or c:\inetpub\wwwroot\directorymanager. Open the Web.Config file in any text editor and locate the authentication tag.

<authentication mode="Forms">
  <forms name="AppNameAuth" path="/" loginUrl="Login.aspx" protection="All" timeout="60"/>
</authentication>

Change the "Forms" option to "Windows" to switch to IWA. A restart of IIS should not be necessary, but it sometimes helps to flush all code out of memory.

<authentication mode="Windows">
  <forms name="AppNameAuth" path="/" loginUrl="Login.aspx" protection="All" timeout="60"/>
</authentication>

Confirm that Integrated Windows Authentication is enabled on the Web site

In some cases, IWA is not enabled at the root of the Web site in IIS. This is required even if you don't use it on all virtual directories or applications.

  1. Log on to the console of the IIS server
  2. Launch Internet Information Services (IIS) Manager
  3. Navigate to the Web site that you are using (usually Default Web Site) and click on it
  4. In the Details window, locate the "Authentication" icon and double-click it
  5. Validate that Windows Authentication is Enabled
    [Screenshot: Validating that Windows Authentication is enabled in IIS]
  6. If Windows Authentication is not enabled, right-click on Windows Authentication and choose Enable
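
The Web.Config edit and the IIS Manager check described above can also be scripted from an elevated PowerShell prompt. This is an added example, not code from the product or its vendor; it assumes the WebAdministration module is installed, and the application folder and site name are the examples named in the text, so adjust both for your server.

```powershell
# Added example (not vendor code). Run elevated on the IIS server.
Import-Module WebAdministration

$appRoot  = 'C:\inetpub\wwwroot\directoryupdate'   # assumption: example folder from the text
$siteName = 'Default Web Site'                     # assumption: site hosting the application
$config   = Join-Path $appRoot 'Web.config'

# Load Web.config as XML, keeping the original whitespace and comments.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($config)

# Locate <configuration>/<system.web>/<authentication>; local-name() is used
# so the lookup also works if the file declares a default XML namespace.
$xpath = "/*[local-name()='configuration']/*[local-name()='system.web']" +
         "/*[local-name()='authentication']"
$auth = $xml.SelectSingleNode($xpath)
if (-not $auth) { throw "No <authentication> element found in $config" }

# Switch Forms -> Windows only when needed, after saving a timestamped backup.
# The <forms> child element is left in place, as in the manual edit.
$current = $auth.GetAttribute('mode')
if ($current -ne 'Windows') {
    $backup = "$config.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
    Copy-Item -LiteralPath $config -Destination $backup
    $auth.SetAttribute('mode', 'Windows')
    $xml.Save($config)
    Write-Host "authentication mode: $current -> Windows (backup: $backup)"
} else {
    Write-Host 'authentication mode is already Windows'
}

# Confirm Windows Authentication is enabled at the root of the web site,
# and enable it if it is not (steps 5 and 6 of the IIS Manager procedure).
$filter  = '/system.webServer/security/authentication/windowsAuthentication'
$enabled = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $siteName `
            -Filter $filter -Name 'enabled').Value
if (-not $enabled) {
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $siteName `
        -Filter $filter -Name 'enabled' -Value $true
    Write-Host "Windows Authentication enabled on '$siteName'"
} else {
    Write-Host "Windows Authentication is already enabled on '$siteName'"
}
```

To roll back, copy the timestamped .bak file over Web.config.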

Google Chrome and Firefox using Integrated Windows Authentication

Cut us open and check... we do bleed Microsoft blue... or red... or green... or whatever colors they are currently using. But from the perspective of Web software development, Internet Explorer has been a solid disappointment.

Fortunately, both Chrome and Firefox do support IWA, though maybe not as well from an enterprise software perspective.

Last Review: 17 Dec 2016