Password prompt on a Website, when the Computer is outside the Active Directory Domain

%3CLINGO-SUB%20id%3D%22lingo-sub-1426421%22%20slang%3D%22en-US%22%3EPassword%20prompt%20on%20a%20Website%2C%20when%20the%20Computer%20is%20outside%20the%20Active%20Directory%20Domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1426421%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Together.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20Website%20that%20Running%20on%20IIS%20with%20Windows%20Authentication.%20When%20a%20Domain%20Joined%20Computer%20go%20to%20the%20page%2C%20it%20will%20be%20Automated%20logged%20in.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20it%20works%20how%20it%20was%20designed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20the%20problem%20is%2C%20when%20the%20computer%20is%20outside%20the%20domain%2C%20it%20will%20always%20come%20an%20Username%20Password%20prompt.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20can%20I%20fix%20this%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20I%20did.%20I%20have%20added%20the%20website%20URL%20to%20the%20Intranet%20Site%20%7C%20Trusted%20Site%20and%20played%20with%20the%20Automated%20Login%20options%20in%20the%20Internet%20Options%20in%20the%20Zone%20Rules.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20tried%20also%20to%20change%20the%20authentication%20provider%20order%20in%20the%20IIS%20settings%20to%20NTLM%20first%20and%20Negotiate%20as%20second.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20think%20the%20problem%20is%2C%20that%20the%20NTLM%20authentication%20will%20not%20work%20fine.%20Because%20outside%20the%20domain%20will%20the%20client%20not%20have%20any%20Kerberos%20ticket.%3C%2FP%3E%3CP%3EBut%20NTLM%20should%20be%20enough.%20Because%20I%20can%20connect%20a%20SMB%20share%20without%20entering%20any%20password.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20help.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Visitor

Hi Together.

 

I have a Website that Running on IIS with Windows Authentication. When a Domain Joined Computer go to the page, it will be Automated logged in.

 

So it works how it was designed.

 

But the problem is, when the computer is outside the domain, it will always come an Username Password prompt.

 

How can I fix this?

 

What I did. I have added the website URL to the Intranet Site | Trusted Site and played with the Automated Login options in the Internet Options in the Zone Rules.

 

I tried also to change the authentication provider order in the IIS settings to NTLM first and Negotiate as second. 

 

I think the problem is, that the NTLM authentication will not work fine. Because outside the domain will the client not have any Kerberos ticket.

But NTLM should be enough. Because I can connect a SMB share without entering any password.

 

Thanks for help.