Question - Will I be able to access an ASP.NET website on IIS 7 with Integrated Windows Authentication enabled from outside the domain?
Thanks
Yes - the browser will typically prompt for your Windows credentials. The user name has to be provided in [Domain Name]/[Login Name] format, where the domain name is the target domain (i.e. a domain known (and trusted) by your web server).
Related
I'm currently experiencing an issue with some users of an ASP.NET 4.8 Web API application hosted on Windows Server 2012 and IIS. The following properties are not returning that user's correct user name, and instead returning the name of a service account used for this server:
HttpContext.Current.User.Identity.Name
HttpContext.Current.Request.LogonUserIdentity.Name
I have no idea how to begin troubleshooting this - myself and most other users do not experience this issue, but for a handful of users the above does not return the correct username, returning the username of a service account used to remotely connect to the server in question. Forcing a login via a browser private window does rectify the issue, and the application correctly returns the expected username for each of the above properties.
What could be a cause for Windows Authentication not returning the correct user name and what is the best way to troubleshoot an issue like this?
edit: I was able to resolve the issue, see my answer below
After some additional research and troubleshooting, I determined that the users experiencing the issue described above had the service account in question stored in the Windows Credential Manager:
Removing the service account in question allowed them to be authenticated with the Intranet site with their normal Windows domain\username. As #pcalkins suggested, at some point the affected users had used these credentials on their machine, and Chrome, Edge, IE were using that saved credential when authenticating with the Intranet site.
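One way to spot this condition from the server side, as an added example that is not part of the original posts: an ASP.NET module that logs whenever a request authenticates as a service account, with the authentication type and client address. The module name and the account name `EXAMPLE\svc-placeholder` are hypothetical placeholders.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Security.Principal;
using System.Web;

// Added example: flags requests that authenticate as a service account.
public class ServiceAccountAuditModule : IHttpModule
{
    // Assumption: placeholder name; replace with the real service account(s).
    private static readonly string[] ServiceAccounts = { @"EXAMPLE\svc-placeholder" };

    public void Init(HttpApplication app)
    {
        // Runs after IIS Windows Authentication has set HttpContext.User.
        app.PostAuthenticateRequest += OnPostAuthenticate;
    }

    public static bool IsServiceAccount(string name)
    {
        return name != null &&
               ServiceAccounts.Contains(name, StringComparer.OrdinalIgnoreCase);
    }

    // Client-controlled header values must not be able to forge log lines.
    private static string Clean(string value)
    {
        return (value ?? "-").Replace("\r", " ").Replace("\n", " ");
    }

    private static void OnPostAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        IIdentity user = ctx.User == null ? null : ctx.User.Identity;
        if (user == null || !user.IsAuthenticated || !IsServiceAccount(user.Name))
            return;

        WindowsIdentity logon = ctx.Request.LogonUserIdentity;
        // AuthenticationType shows Negotiate, Kerberos or NTLM; the address and
        // user agent identify the workstation and browser that sent the credential.
        Trace.TraceWarning(
            "Service account used from a client: user={0} authType={1} logonUser={2} ip={3} agent={4}",
            user.Name, user.AuthenticationType,
            logon == null ? "-" : logon.Name,
            ctx.Request.UserHostAddress, Clean(ctx.Request.UserAgent));
    }

    public void Dispose() { }
}
```

The module has to be registered in the site's web.config under system.webServer/modules before it runs.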
Please check the following steps:
Make sure that Windows Authentication is enabled and Anonymous Authentication is disabled for the website.
Enable integrated security in Internet Explorer (Options/Advanced and checking the "Enable Integrated Windows Authentication" option).
Add your website to the Local Intranet zone and select at least the "Automatic logon only in Intranet Zone" option (under Options/Security Settings/Local intranet/Custom level).
Make sure the user and application server are in the same domain.
We have an ASP.NET web application running on Domain A with working Windows Authentication.
Our customer now wants to authenticate users from Domain B to this website, but we are not allowed to have trust between Domain A and Domain B.
Windows Authentication is not required for the users from Domain B, but Windows Authentication for Domain A should still work.
Does anyone know if this is possible to do?
We are using .NET Framework 4.0.
What about creating restricted accounts in domain A for these users?
What about creating local accounts on the server in domain A for these users?
Or, you can use Active Directory Federation Services.
I have set up Active Directory in a VM and added some users to it. I used Windows 2008 core edition to set up the AD. Now, to test my ASP.NET application, I created a sample page and configured it in IIS. So when we call this page, the Windows security window appears and asks for a username and password.
My requirement is to type the username and password which I specified inside AD. I provide the username in the security window, something like:
test.ca/username
where test.ca is the domain name for AD. My problem is that the username is not getting accessed from the VM, authentication fails, and the username/pwd window prompts again.
Does anyone have suggestions?
Regards
Sangeetha
The machine running IIS must be joined to the Active Directory domain in order to use Integrated authentication with domain accounts.
If the machine running IIS cannot be joined to the domain, then you would need to use Forms authentication instead. Then, your ASP.NET application could, for example, validate the user's credentials against AD using the classes in the System.DirectoryServices namespace.
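A sketch of the Forms-authentication check described above, as an added example that is not from the original answer. It uses `PrincipalContext.ValidateCredentials` from the `System.DirectoryServices.AccountManagement` sub-namespace; the class name and the character-set rule are hypothetical, and it assumes the web server can resolve and reach a domain controller for `test.ca`.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Text.RegularExpressions;
using System.Web.Security;

// Added example: Forms-authentication login check against Active Directory.
public static class AdFormsLogin
{
    // Assumption: the domain name used in the question above.
    private const string Domain = "test.ca";

    // Assumption: account names are limited to this conservative character set.
    private static readonly Regex SafeName = new Regex(@"^[A-Za-z0-9._-]{1,64}\z");

    public static bool IsAcceptableInput(string userName, string password)
    {
        // Refuse empty passwords before any bind: an LDAP simple bind with an
        // empty password is an unauthenticated bind and can report success.
        return userName != null && SafeName.IsMatch(userName)
            && !string.IsNullOrEmpty(password);
    }

    public static bool TrySignIn(string userName, string password)
    {
        if (!IsAcceptableInput(userName, password)) return false;
        try
        {
            using (var ctx = new PrincipalContext(ContextType.Domain, Domain))
            {
                // Negotiate with signing and sealing: the password is not sent
                // in clear text, unlike ContextOptions.SimpleBind without TLS.
                ContextOptions opts = ContextOptions.Negotiate |
                    ContextOptions.Signing | ContextOptions.Sealing;
                if (!ctx.ValidateCredentials(userName, password, opts)) return false;
            }
        }
        catch (PrincipalServerDownException)
        {
            return false; // domain controller unreachable: fail closed
        }
        // Every failure above returns the same value, so the login page can
        // show one generic error without revealing which check failed.
        FormsAuthentication.SetAuthCookie(Domain + "\\" + userName, false);
        return true;
    }
}
```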
We have been running an ASP application on the local intranet using IIS7 and now have a requirement to get the client computer name and logged-on user name, so that we can show his home page according to his settings. I searched on the internet but have not found any solution yet. I also tried using the LOGON_USER server variable, but it works fine when I run using localhost and not when I use the IP address (it returns a blank value). I also enabled Windows authentication and disabled anonymous, but I am prompted for a user name and password even though I did not set a user name and password.
You will not be able to determine the computer name directly. You will need to perform a reverse DNS lookup on the client's IP. Check out the link below from ASP101 for accomplishing this in ASP classic.
As far as the username, you will need to enable authentication in IIS, otherwise all incoming requests will be anonymous. If you are running in a trusted environment, set up IIS for "Integrated Windows Authentication". This will allow the client's current user information to be used to authenticate to your website without a userid/password prompt. Note that integrated authentication is not part of the default IIS7 install.
Good luck.
ASP based Reverse DNS Lookup
http://www.asp101.com/articles/jason/reversedns/default.asp
Integrated Windows Authentication in IIS6 and IIS7
http://blogs.iis.net/nitashav/archive/2010/03/12/iis6-0-ui-vs-iis7-x-ui-series-integrated-windows-authentication.aspx
You can also achieve this by using WMI, however the remote computer and logged on user must be part of a domain that you have the administration credentials for. You will also need to use reverse DNS to find out the computer name, which #jking89 has given a great reference to above. Take a look at the WMI Win32_ComputerSystem class, here http://msdn.microsoft.com/en-us/library/aa394102(VS.85).aspx. Hope this helps as an alternate solution.
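The reverse lookup suggested in the answers above, as an added C# example for ASP.NET (not code from the thread or the linked ASP101 article). It accepts the PTR name only when a forward lookup of that name returns the same address, because the PTR record is controlled by whoever runs the reverse zone; the class and method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Sockets;

// Added example: forward-confirmed reverse DNS for a client address.
public static class ClientHostName
{
    // Returns the client's DNS name, or null when there is no PTR record or
    // the name does not resolve back to the same address. Pass in
    // Request.UserHostAddress; behind a proxy that is the proxy's address.
    public static string Resolve(string remoteAddr)
    {
        IPAddress ip;
        if (!IPAddress.TryParse(remoteAddr, out ip)) return null;

        try
        {
            // Reverse lookup: address -> name.
            string name = Dns.GetHostEntry(ip).HostName;

            // Some resolvers hand back the address itself when no PTR exists.
            IPAddress echoed;
            if (string.IsNullOrEmpty(name) || IPAddress.TryParse(name, out echoed))
                return null;

            // Forward confirmation: name -> addresses must include the client.
            IPAddress[] forward = Dns.GetHostAddresses(name);
            return forward.Any(a => a.Equals(ip)) ? name : null;
        }
        catch (SocketException)
        {
            return null; // lookup failed
        }
        catch (ArgumentException)
        {
            return null; // unspecified address such as 0.0.0.0
        }
    }
}
```

Treat the returned name as a display hint for personalising the page, not as proof of which machine or user sent the request.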
We have an issue for our intranet site that is running in our local network.
In a nutshell, we have integrated Active Directory authentication with our application and want to use IIS integrated authentication to allow users to sign on without entering any credentials.
Assume the AD domain is "domain.name", and the server our application is hosted on is "server-name". We are running in Windows 2008 and the Integrated Authentication role is set up in IIS.
We have managed to make this work for http:||server-name/, however when we enter http:||server-name.domain.name/, users are prompted for their credentials in the standard way and if they cancel, a "401 Unauthorised" message is displayed.
The issue is, that it seems to authenticate when the machine name is accessed, but browsers do not pass over credentials when the fully qualified address is accessed.
Has anyone seen this before? Is there any advice they can shed on the situation? I ask as a programmer who has little experience with network setup and Active Directory.
Thanks
Have a look in IE settings. Tools > Internet Options > Security > Local Intranet > Custom Level. Scroll down to the very last setting "Automatic login only in Intranet zone". By default IE will only automatically pass along windows authenticated credentials to a site it considers "intranet".