I am building an Intranet system currently and the client has insisted on automatic login.
I have set up the system to authenticate the currently logged in (to windows) domain user in IIS 7.5 via Windows Authentication.
The system than uses the user's username to drag details from AD via LDAP.
This works perfectly locally, however if a remote client (lets say a spare pc I have as a test-bed) which is on the same domain, and logged in as a spare test user, it will ask for login details via the standard prompt.
Once the user has done this, the system works fine, drags details from AD etc etc. but will ask again for login details the next time.
So the question is: Why is this happening? and how can I stop the prompt?
Is it something to do with the IIS user?
I have authentication mode="Windows" in web.config, and I do NOT have Impersonate enabled.
Most probably all you have to do is to add the site to the local intranet zone in IE.
http://netpl.blogspot.com/2012/06/iis-75-integrated-security-with-no.html
Related
My website is hosted in remote server with Windows Authentication enabled. I and some of my colleges were able to access the website. But for some peoples it's prompting for credentials. I've done some modifications didn't remembered to access the website. Is there any group/user need to be added in AD?
Please help me on this. I'm struggling since 2 days.
As far as I know, IE has the security setting which will send the current login in windows user name and password automatically. If your client doesn't enable the auto send username and password, it will prompt for credentials.
More details about how to enable it, you could refer to below steps:
1.Open the IE and find the internet options.
2.Modify the user authentication
My intranet site has Windows Authentication enabled.
For me and a few other users, it works great, authentication happens in IE 'behind the scenes'.
But for some other (less privileged?) users (same domain), they receive a log-in prompt.
The computer settings/local intranet settings are the same.
When authentication is disabled, the page loads fine for everyone.
So that makes me think it's not a file permission issue.
What reasons could some users get authenticated and some not?
I am building a intranet application for my company and it uses Form Authentication using active directory. When i run the application on my VS development studio is works fine. There are no issues. But when i deploy the application to a IIS Server which has anonymous access enabled using a local account, my application is reporting it cannot contact the Active Directory. My main aim is to validate the crendtials only. And I do not have administrator account on the AD.
Is this because, the server is not connected to a domain or is it because it has anonymous access turned on.
My workstation is connected to the domain and works fine when i run it on the VS development server.
If this because the server is not connected, than, is there any other ways to validate the user via the AD.
The silly part is that when i remote and try to use the browser to access Google or yahoo, windows will prompt me for username and password. I will enter my domain\username along with my password, and i will be able to access the internet. If this possible, than why I cant use the same way to authenticate my users to my application.
Here are details of my application
IIS and SQL on the same machine.
Server is not connected to the domain.
My personal workstation is connected to the domain.
I am developing an intranet MVC3 application that will be used by both domain and non domain computers.
Everyone has a domain account so whenever a non domain computer is to open the website a windows credentials prompt input box is expected to appear.
If i understand correctly this will be standard browser behavior since they won't pass windows credentials to a website unless they are in the same domain.
The problem however is that whenever i debug on my localhost i am in the same domain as the server(since i am the server obviously). This results in me being "logged in" with my workgroup windows account in stead of my domain account.
What i'm looking for is a way to trigger the prompt box so i can use my domain account to login rather then to get useless access with my workgroup account.
You can use Forms authentication with the ActiveDirectoryMembershipProvider.
Take a look to this tutorial on MSDN: http://msdn.microsoft.com/en-us/library/ms998360.aspx and this post: http://support.microsoft.com/kb/326340/en-us (sorry it's VB code).
Addendum: if you want just to test another user credentials you can use impersonation, just set-up your web.config.
We have an issue for our intranet site that is running in our local network.
In a nutshell, we have integrated Active Directory authentication with our application and what to use IIS integrated authentication to allow users to sign on without entering any credentials.
Assume the AD domain is "domain.name", and the server our application is hosted on is "server-name". We are running in Windows 2008 and the Integrated Authentication role is set up in IIS.
We have managed to make this work for http:||server-name/, however when we enter http:||server-name.domain.name/, users are prompted for their credentials in the standard way and if they cancel, a "401 Unauthorised" message is displayed.
The issue is, that it seems to authenticate when the machine name is accessed, but browsers do not pass over credentials when the fully qualified address is accessed.
Has anyone seen this before? Is there any advice they can shed on the situation? I ask as a programmer who has little experience with network setup and Active Directory.
Thanks
Have a look in IE settings. Tools > Internet Options > Security > Local Intranet > Custom Level. Scroll down to the very last setting "Automatic login only in Intranet zone". By default IE will only automatically pass along windows authenticated credentials to a site it considers "intranet".