By default, Directory Update and Directory Manager use forms-based authentication but both applications support the use of Integrated Windows Authentication (IWA). This is also sometimes called single signon or pass-through authentication. When Windows Authentication is enabled, the user is automatically logged on to the web site they are visiting as soon as they visit the site. Their web browser uses the credentials of their current Windows session.
Integrated Windows Authentication Requirements
In order for IWA to work properly, the following requirements must be met.
For more information, see the following sites and articles:
Note that administrators may see an issue with Directory Update when they have a connection (such as a mapped drive) to the IIS server using alternate credentials such as an administrative account.
Enabling IWA for Directory Update and Directory Manager is a simple matter of editing the application's Web.Config file. The Web.Config file is found in the root folder of the application such as c:\inetpub\wwwroot\directoryupdate or c:\inetpub\wwwroot\directorymanager. Open the Web.Config file in any text editor and locate the authentication tag.
<authentication mode="Forms"> <forms name="AppNameAuth" path="/" loginUrl="Login.aspx" protection="All" timeout="60"/> </authentication>
Change the "Forms" option to "Windows" to switch to IWA. A restart of IIS should not be necessary but sometimes that helps to flush all code out of memory.
<authentication mode="Windows"> <forms name="AppNameAuth" path="/" loginUrl="Login.aspx" protection="All" timeout="60"/> </authentication>
In some cases, IWA is not enabled at the root of the Web site in IIS. This is required even if you don't use it on all virtual directories or applications.
Cut us open and check.... we do bleed Microsoft blue... or red... or green... or whatever colors they are are currently using. But, from the perspective of a Web software development, Internet Explorer has been a solid disappointment.
Fortunately, both Chrome and Firefox do support IWA, though maybe not as well from an enterprise software perspective