Tomcat & IIS using Windows Intergrated Authentication

[Reynir Hübner <re...@hugsmidjan.is>]

Hi, 
I have an installation of Tomcat and IIS combo, using AJP and isapi_redirect.dll. 

This setup works fine. 

Anyway, I have a virtual directory mapped in IIS under one of the hosts, that has only Windows Intergrated Authentication security, which means the user must be apart of the nt-domain to be able to view what's inside of the directory. This virtual directory has an index.asp document that is the default document for the page, the only thing it does is redirect the browser to a jsp file with in that directory. The jsp file then prints out the user that has been authenticated on the http server.

The first time someone accesses the page, the user is someone like : 

DOMAINNAME\USER

If I press refresh or browse another page and go back, the user is "" or blank, empty String, also the Authenticate seems to be gone (instead of "negotiate" (shouldn't that be "NTLM")).

So it seems to me like the server looses the user-logon when getting another request. So I seem to be accessing the folder with out having authenticated my self.


What could be wrong ?
(I am rather sure that the setup of isapi filter is correct)

thank you 
-reynir@hugsmidjan.is

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>