Authentication in web applications through the example of Internet Explorer
Posted by Mikhail Yakovlev, Last modified by Mikhail Yakovlev on 07 March 2019 04:29 PM

This article deals with various methods of user authentication in enterprise web resources.
The screenshots used in the article were made with IE11 and IIS10.

Username and password authentication
This is the simplest and most obvious method. The server prompts for user identification before allowing access.

You have to enter the credentials of a user that is allowed to access the application. If they are correct, logon is performed.
It is not convenient to enter the password each time you log in to the application. The username can be “remembered” by the application if the corresponding checkbox is activated. The method described next removes the need to enter even the password.

Authentication without username and password
If you do not want to enter the password, the browser should be set up so that the password is entered automatically. To do so, proceed as follows:
In the IE settings, open Internet Options -> Security. Then select the zone the site belongs to. This is usually the Internet zone; however, you can add the site to the Local Intranet zone or to Trusted sites.

Then, still on the Security tab, set the security level for the zone: click Custom Level... In the security settings window, in the User Authentication section, select Automatic logon with current user name and password.

Save the changes. From now on, the prompt for credentials should not appear during the login procedure.

Authentication by user certificate
Indeed CM manages authentication devices (smart cards and USB tokens) and writes certificates to them, so a smart card can also be used for authentication.

For that, the site must have SSL configured in IIS. To use smart card authentication, set the following in IIS:

  • Require SSL
  • Client certificates: Accept or Require.

If Accept is used, then authentication both by username and password and by user certificate is possible.

If Require is used, then authentication by user certificate is the only option.

Now set up your browser for smart card authentication. Add the site to the Local Intranet zone, then switch to the security settings and select Automatic logon only in Intranet zone.
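The two logon settings chosen above (Automatic logon with current user name and password, and Automatic logon only in Intranet zone) are stored per zone in the registry, so they can be audited across workstations. The script below is an added example, not part of the original article or of Indeed CM. It reads the logon setting (value 1A00) for each zone from the user and policy hives, and the Review column is this example's own rule of thumb.

```powershell
# Added example: report the IE "User Authentication > Logon" setting (value 1A00) per security zone.
function Get-LogonModeName([int]$Value) {
    switch ($Value) {
        0x00000 { 'Automatic logon with current user name and password' }
        0x10000 { 'Prompt for user name and password' }
        0x20000 { 'Automatic logon only in Intranet zone' }
        0x30000 { 'Anonymous logon' }
        default { 'Unknown (0x{0:X})' -f $Value }
    }
}

# Locations where the zone settings can be defined; a policy value overrides the user preference.
$hives = [ordered]@{
    'User preference' = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    'User policy'     = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    'Machine policy'  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
}

# Zone numbers as used for the registry subkeys.
$zones = [ordered]@{
    '1' = 'Local intranet'
    '2' = 'Trusted sites'
    '3' = 'Internet'
    '4' = 'Restricted sites'
}

$report = foreach ($source in $hives.Keys) {
    foreach ($zone in $zones.Keys) {
        $key  = Join-Path $hives[$source] $zone
        $prop = Get-ItemProperty -Path $key -Name '1A00' -ErrorAction SilentlyContinue
        if ($null -eq $prop) { continue }   # setting not defined in this hive

        $value = [int]$prop.'1A00'
        [pscustomobject]@{
            Source = $source
            Zone   = $zones[$zone]
            Logon  = Get-LogonModeName $value
            # Assumption of this example: automatic logon with current credentials outside the
            # Local intranet zone deserves a second look, because the browser then answers
            # authentication challenges from every site in that zone without prompting.
            Review = ($value -eq 0 -and $zone -ne '1')
        }
    }
}

$report | Format-Table -AutoSize
```

Rows with Review set to True mark zones where automatic logon applies beyond the Local intranet zone; adding only the specific site to Local Intranet, as in the smart card setup above, keeps the setting scoped to that site.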
