IE安全区问题

Question

I'm developing a website which will be used in the corporate intranet which uses JCIFS and NTLM to automatically authenticate the users without asking them to log on. Everything seems to be working in IE 6, but some users are being prompted for their passwords in IE 7.

We've had some success by getting the users to change their Logon option to "Automatic logon using current username and password" (Tools > Internet Options > Securty Tab > Select Local Intranet > Custom Level > All the way at the bottom User Authentication > Logon), but we are still having a few users who are getting username/password prompts.

Also, we've had some users report they can just click cancel when the prompt comes up and the page will come up correctly.

If anyone has any other suggestions, I'd greatly appreciate them.

Answer 1

You may also want to try having your users add your domain to their trusted sites list. I know that I had to do that to get our sites working with NTLM.

Answer 2

If you access an intranet Web site by using an IP address or a fully qualified domain name , or a url with a dot in it the Web site may be identified as in the Internet zone instead of in the Local intranet zone.

http://support.microsoft.com/kb/303650

Answer 3

Turned out that the new security settings on the laptops required NTLMv2 which is not well supported by the JCIFS NLTM library.

After some research, found out that JCIFS implementation of NTLM is very hacky (as described by the JCIFS devs) and they're removing support in the next major version of JCIFS. We've moved to using the Tomcat IIS Connector ( http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html ), which works much better.

Thanks everyone for your responses.