We have what I thought was a common scenario, but I can't seem to figure out how to make it work.

• We primarily use our own computers and want to have all authentication run back to an individual's Active Directory account both for convenience and security.
• We have people on client sites frequently and they want to be able to access OnTime web edition from a client's computer.  Several of our clients are very sticky about bringing in external laptops, etc.

From what I can tell:

• If you want to enable authentication to Active Directory for a user, you have to set them up using Integrated Authentication in OnTime (which I regard as a very good thing.  Should be the default)
• If you do that, you have to set up the web site for integrated authentication, which again we'd like to have for the times when we use the web interface internally (like following links in the emails that are generated)
• But then you can't access the site from Firefox anywhere or IE unless the computer is in the domain or in a trusted domain with the user logged in as an account that's configured as the Integrated Authentication account in OnTime.

This seems pretty silly to me because you can't even do the trick you can with normal ASP.NET forms authentication - set up two instances of the site, one for internal IE use and one for external use.  I've tried a range of tricks such as enabling basic authentication as well as integrated authentication (we run the site using SSL) with no joy.

How do other people get this to work?

---

Kendall Miller
Principal
eSymmetrix - Exceptional People, Extraordinary Results
Voice: 877.300.eSym
www.esymmetrix.com