cross domain integrated windows authentication in IIS for ASP.NET intranet website

Question

I built an INTRANET ASP.NET website for which authentication is set to "integrated windows authentication" and in authorization section of web.config, I have specified the AD groups (domain\groupname) to restrict the access to only to the members of those AD groups. multiple AD groups are specified in web.config (domain1\group1, domain2\group2 etc). now this works fine for users of one domain1 (where it is hosted), but for users of another domain (domain2), they get a prompt to enter their windows credentials and if they enter it, then it works and they can access the site without any problem. but I would like to avoid this login prompt, because I granted access to groups of both domains. why are they getting this prompt and is it possible to suppress it? do I need to configure something in IIS or web.config for it? Thanks in advance.

Answer 1

I believe users in Domain2 can add your website, hosted in Domain1, to their list of Intranet Sites in Internet Explorer->Internet Options->Security->Local Intranet Zone. This zone should automatically log on with the current user name and password. You could make this an AD policy.

Answer 2

I'm not sure that you can do this - I believe that users from outside the hosted domain will always be prompted for credentials with 'integrated' security.

You could probably use forms authentication to handle multiple domains. I am heading down the Windows Indentity Foundation path myself (which I have no desire to learn) so I'd love for someone to tell me I'm wrong about this!