My website is hosted in remote server with Windows Authentication enabled. I and some of my colleges were able to access the website. But for some peoples it's prompting for credentials. I've done some modifications didn't remembered to access the website. Is there any group/user need to be added in AD?
Please help me on this. I'm struggling since 2 days.
As far as I know, IE has the security setting which will send the current login in windows user name and password automatically. If your client doesn't enable the auto send username and password, it will prompt for credentials.
More details about how to enable it, you could refer to below steps:
1.Open the IE and find the internet options.
2.Modify the user authentication
Related
I'm currently experiencing an issue with some users of an ASP.NET 4.8 Web API application hosted on Windows Server 2012 and IIS. The following properties are not returning that user's correct user name, and instead returning the name of a service account used for this server:
HttpContext.Current.User.Identity.Name
HttpContext.Current.Request.LogonUserIdentity.Name
I have no idea how to begin troubleshooting this - myself and most other users do not experience this issue, but for a handful of users the above does not return the correct username, returning the username of a service account used to remotely connect to the server in question. Forcing a login via a browser private window does rectify the issue, and the application correctly returns the expected username for each of the above properties.
What could be a cause for Windows Authentication not returning the correct user name and what is the best way to troubleshoot an issue like this?
edit: I was able to resolve the issue, see my answer below
After some additional research and troubleshooting, I determined that the users experiencing the issue described above had the service account in question stored in the Windows Credential Manager:
Removing the service account in question allowed them to be authenticated with the Intranet site with their normal Windows domain\username. As #pcalkins suggested, at some point the affected users had used these credentials on their machine, and Chrome, Edge, IE were using that saved credential when authenticating with the Intranet site.
Please check the following steps:
Make sure that windows authentication is enable and Anonymous Authentication is disable for the website.
Enable integrated security in Interner Explorer (Options/Advanced and checkin the "Enable Integrated Windows Authentication" option).
Add your website to Local Intranet zone and select at least "Automatic logon only in Intranet Zone" option under Options/Security Settings/Local intranet/Custom level).
Aake sure the user and application server are in the same domain.
I have one third party web application developed in the ASP.Net. This web application shows some pdf planning data which comes from the the oracle database.
I have windows authentication defined on this application for authentication purpose. So whenever i first launch this application there is a popup comes up and ask for username and password like this.
I want to get rid this pop up and Instead of entering different username and password each time I want to use a single userid/password for all the hits to this web application. Because I do not want all users to have access to my database.
Please help. I want to use the single username and password without getting the login popup.
Here is the solution i got for my problem We need do the things to get rid of the login popup
Set the IIS authentication mode as windows and Use the Active directory authentication.
Add the web site as a trusted website in the internet properties.
In the internet properties allow automatically login with username and password. It will use your windows username and password and login you.
Wondering if you can help me here, been battering away at this for days now.
i have an IIS site with windows authentication installed, which is working exactly the way it should do. This particular IIS Server houses approx 6 other sites so i have create a new Site called Helpdeskv6, with Application Pool Helpdeskv6 set to .NET 4 integrated using ApplicationPoolIndentity. We are currently working on a 2008 R2 domain, no windows firewall etc.
So i have now created a A Record that gives it a nice little name for our intranet users, the A record is called helpdesk (FQDN: helpdesk.my.domain). The IIS site is setup with bindings on standard port 80 for both helpdesk and the FQDN. but yet when i try and browse to the A record address it constantly prompts me for username and password. When i enter my details they work but i dont want users to be prompted.
i have ASP.NET Impersonation and Windows Authentiation enabled - Providers are NTLM and Negotiate. ASP Impersonation is Auth User. NTLM Authentication is ticked in my ASP Project Web Property page.
i have tried just enabling and disabling so many different settings, i have used setsnp -S HTTP/helpdesk.my.domain webserver001 and i have used setsmp -S HTTP/helpdesk webserver001 as i have read alot that apparently needs these in but nothing seems to work.
i have never used ASP Auth with a A Record before so i am at a severe loss please help, hope i supplied enough information as i do not want to have users entere their windows authentication constantly it should be auto so i am just fearfull i am missing a trick here as when i browse via netbios name it works but this is not appropriate for our environment
Forgot to close this out,
The issue was becuase the site wasnt being registered as a Intranet site and Auth details where not being transported over.
I created an ASP.NET application for an internal purpose, where the domain user accesses a simple web form, fills in the form and submits. The application impersonates the user and sends an email as the logged on domain user to our ticketing system where a ticket is generated from the user who filled out the form. Now, everything works when I test by logging onto the same server that IIS (7.5) is located and submit the form, but when I try to do the same from my desktop (opening browser and pointing to web server), it does not work. After investigating the issue, I discovered that this is likely a double-hop issue (which I confirmed when the exchange admin checked logs after a few failed attempts and found that site was trying to send email as NTAuthority/Anonymous.)
I've combed the web and found a lot of info on this issue, but all I can seem find are articles detailing the issue in relation to earlier versions of IIS (IIS 5 or 6.) I’m using 7.5 so I’m not certain of how the process for resolving this would differ. Could someone who has had this issue on IIS 7.5 post the basic step by step instructions for resolving double-hop as it relates to IIS 7.5 and sending impersonated email to an Exchange server? Something to the effect of, step one – do this, step 2 – do this, etc…
Another question that I have is the following: Many articles that I have read specify setting up a service account for delegation, and then create SPNs...However with IIS 7.5, I have the option of using application pool identities. Would application pool identities work with delegating impersonation, or would a service account be required to fix the issue?
Thanks all!
From your description, it sounds like your ASP.NET application is trying to determine the logged in user by their Windows network login credentials?
If so, all you should need to do is turn off "Enable Anonymous Access" in your IIS site and make sure that "Authenticated Access" has the "Integrated Windows Authentication" turned on. Then IIS should properly query the browser for their login info and the session should use the user's credentials. This assumes a few things about the client browser used and if something other than Internet Explorer is used, then you might also need to turn on one of the other authentication methods so that the other browsers will properly prompt the user for their network login credentials. Sorry I don't have a running IIS 7.5 server at the moment to give you the exact site properties and descriptions to look at. So if you cannot determine it from my description here, hopefully someone else might add on with that or I can try to follow up later if you need.
We have an issue for our intranet site that is running in our local network.
In a nutshell, we have integrated Active Directory authentication with our application and what to use IIS integrated authentication to allow users to sign on without entering any credentials.
Assume the AD domain is "domain.name", and the server our application is hosted on is "server-name". We are running in Windows 2008 and the Integrated Authentication role is set up in IIS.
We have managed to make this work for http:||server-name/, however when we enter http:||server-name.domain.name/, users are prompted for their credentials in the standard way and if they cancel, a "401 Unauthorised" message is displayed.
The issue is, that it seems to authenticate when the machine name is accessed, but browsers do not pass over credentials when the fully qualified address is accessed.
Has anyone seen this before? Is there any advice they can shed on the situation? I ask as a programmer who has little experience with network setup and Active Directory.
Thanks
Have a look in IE settings. Tools > Internet Options > Security > Local Intranet > Custom Level. Scroll down to the very last setting "Automatic login only in Intranet zone". By default IE will only automatically pass along windows authenticated credentials to a site it considers "intranet".