First thing first, I need to get the DOMAIN login of my laptop. Once I login to the windows laptop, I can already catch the DOMAINusername.
I can access my project url thru my browser but when I use different laptop different domain to check if other domain can access too, they were asked to input Windows user name and password which is not supposed to happen.
My project is located in different server 192.168.1.122, I changed the url to http://employee.proj:8070/, to access this url from my laptop,
I setup the Internet Options > Security > Local Intranet > Sites > Advanced and I added:
192.168.1.122
Then I added it on my hosts. Windows > System32 > drivers > etc > hosts
For the IIS settings
Authentication > Windows Authentication – enabled; Anonymous Authentication – disabled;
Authentication > Windows Authentication > Providers – NTLM, Negotiate
Authentication > Windows Authentication > Advanced Setting – Protection OFF, Kernel ENABLED;
While my laravel web.config is
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true" />
</authentication>
<requestFiltering>
<requestLimits maxQueryString="5000" />
<verbs applyToWebDAV="false">
<add verb="TRACE" allowed="false" />
<!-- <add verb="OPTIONS" allowed="false" /> -->
</verbs>
</requestFiltering>
</security>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Headers" value="Origin, Content-Type, Authorization,X-Requested-With" />
<add name="Access-Control-Allow-Methods" value="GET" />
<add name="X-Download-Options" value="noopen" />
<add name="X-Frame-Options" value="DENY" />
<!-- if you need to allow same origin, comment above line and uncomment below line -->
<!-- <add name="X-Frame-Options" value="SAMEORIGIN" /> -->
<add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
<add name="X-XSS-Protection" value="1; mode=block" />
<add name="X-Content-Type-Options" value="nosniff" />
<add name="Referrer-Policy" value="origin-when-cross-origin" />
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
<rewrite>
<rules>
<rule name="Imported Rule 1" stopProcessing="true">
<match url="^" ignoreCase="false" />
<conditions logicalGrouping="MatchAll">
<!-- <add input="{HTTP_AUTHORIZATION}" ignoreCase="false" /> -->
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
<add input="{URL}" pattern="(.+)/$" ignoreCase="false" />
</conditions>
<action type="Redirect" url="{C:1}" redirectType="Permanent" />
</rule>
<rule name="Imported Rule 2" stopProcessing="true">
<match url="^" ignoreCase="false" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
</conditions>
<action type="Rewrite" url="index.php" />
</rule>
</rules>
</rewrite>
<defaultDocument>
<files>
<clear />
<add value="index.php" />
<add value="Default.htm" />
<add value="Default.asp" />
<add value="index.htm" />
<add value="index.html" />
<add value="iisstart.htm" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
Is there any setup that I missed? I am very curious why other domain can’t access my url without asking username password.