Does Integrated Windows Authentication work in Firefox? - asp.net

If my ASP.NET app is set up for ADFS using Windows Integrated Authentication, I know this will work in IE, but will it work in Firefox?
I've seen some things on the web that indicate that there are problems, and you need to put a workaround in each client browser - http://codebetter.com/blogs/eric.wise/archive/2006/11/16/Note-to-self_3A00_-Firefox-Windows-Authentication.aspx

It's not a workaround. Firefox will not send your Windows Integrated Credentials to a website by default. You have to tell it to "trust" the website.
You could display those instructions on a page you direct unauthenticated users to.
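As an added example (not from the original answer): Firefox keeps the list of sites it will send integrated credentials to in the preferences `network.negotiate-auth.trusted-uris` (Negotiate) and `network.automatic-ntlm-auth.trusted-uris` (NTLM). The Python sketch below audits a profile's preference text so that only the hosts you intend are trusted. The sample preferences, the `.example` hostnames and the approved list are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Firefox preferences listing the sites allowed to receive integrated credentials.
TRUST_PREFS = (
    "network.negotiate-auth.trusted-uris",       # Negotiate (Kerberos/SPNEGO)
    "network.automatic-ntlm-auth.trusted-uris",  # NTLM
)
PREF_LINE = re.compile(r'(?:user_)?pref\("([^"]+)",\s*"([^"]*)"\);')

# Constructed sample of a profile's prefs.js / user.js (hostnames are placeholders).
SAMPLE_PREFS = '''
user_pref("browser.startup.homepage", "https://adfs.corp.example");
user_pref("network.negotiate-auth.trusted-uris", "https://adfs.corp.example, https://");
user_pref("network.automatic-ntlm-auth.trusted-uris", "intranet.corp.example,example.com");
'''


def audit_trusted_uris(prefs_text, approved_hosts):
    """Return (pref, entry, problem) for each entry that is broader than approved_hosts."""
    approved = {h.lower() for h in approved_hosts}
    findings = []
    for pref, value in PREF_LINE.findall(prefs_text):
        if pref not in TRUST_PREFS:
            continue
        for entry in filter(None, (e.strip() for e in value.split(","))):
            # Entries have the form [scheme://][host[:port]]; parse both shapes.
            host = urlsplit(entry if "://" in entry else "//" + entry).hostname
            if not host:
                findings.append((pref, entry, "no host: not limited to any site"))
            elif host not in approved:
                findings.append((pref, entry, "host is not on the approved list"))
    return findings


if __name__ == "__main__":
    for finding in audit_trusted_uris(
            SAMPLE_PREFS, {"adfs.corp.example", "intranet.corp.example"}):
        print(*finding, sep=" | ")
```

Keeping the list down to the exact ADFS or intranet hosts means the browser answers authentication challenges only from servers you operate.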

Related

SSO working functionality in browser

I have some doubts about the SSO functionality in different browsers:
-> If I enter my SSO application URL in the IE browser, it automatically takes my Windows credentials and allows me to access the applications without re-authenticating.
-> I have tried the same URL in the Mozilla and Google Chrome browsers, but it asks for credentials. It's weird to me that it does not take the Windows credentials.
Could you please help me with this? Do I have to change any settings in the Mozilla and Chrome browsers to access the SSO application without being asked for credentials?
Note: It is from both the internal network and outside network.
Thanks,
Gowthaman. p
Ping Identity has two URLs that explain the settings required...
IE/Firefox:
https://documentation.pingidentity.com/display/PFIWA31/Step+Five+--+Configure+User+Browsers
Chrome:
https://ping.force.com/Support/PingIdentityArticle?id=kA3400000008RWWCA2
Though, generally, if IE is working, then so will Chrome (on Windows), since it uses the same configuration. If you have the PingFed Server in your "Trusted" sites, remove it.

Windows Authentication mode - how to make it not ask for credentials?

I have configured my ASP.NET website to use Windows auth (and disabled anon auth), and set up some authorization rules. The website is deployed on the Intranet and all users have a Windows identity.
When a user navigates to the website, the typical "Windows Security" window pops up, asking the user for his identity. I want to disable this, since the user is already logged in with a domain account. The browser should submit the current identity and IIS can use this to auth.
Any ideas?
Note: I am using IE and the Enable Integrated Windows Authentication is checked
In which browser is this happening? Internet Explorer has an option that explicitly defines whether the browser tries to authenticate users automatically.
You can find it in Tools - Internet Options - Advanced - Enable Integrated Windows Authentication.
Where I've seen this symptom happening before, I've had to add the URL the website is on explicitly into the Local Intranet zone in IE.

Why does ASP.NET use cookieless forms authentication in one given user's browser

A tester of my new app reported problems with authorization support in ASP.NET MVC app: Whenever he switches to a new tab (different controller), he's prompted for his login again.
After investigation, I found that the server forcibly wants to use cookieless forms authentication using URLs such as in this question.
The problem appears in his Firefox 3.6.15. Not on other browsers on his computer, not on Firefox on other computers. I checked his Firefox options: Cookies are enabled. HTTPfox even says there is an ASPNetSessionId exchanged!
How come? Can anyone shed some light? FWIW, my web.config doesn't say anything about cookies or sessions. I didn't even know of these cookieless URLs before seeing them on this computer and doing some research.
Uninstall and reinstall Firefox on his machine. Back up his bookmarks first so he doesn't lose anything. It sounds like it's an installation issue rather than a coding problem.

iis7 integrated mode asp.net 4.0 forms authentication problem using IE8

Anyone experience any issues with IIS7, integrated mode forms authentication while using IE8? I have a website with a login form; once logged in, any postback causes the user to be logged out. This doesn't even happen consistently: sometimes I can log in and not experience this issue, other times it happens instantly. I cannot replicate the problem in any other browser and I cannot replicate it on my development machine running / debugging VS2010.
Is your application on a server farm? If so, ensure your web.config's have matching machine keys - http://msdn.microsoft.com/en-us/library/w8h3skw9(v=VS.100).aspx
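As an added example (not part of the original answer): forms authentication tickets are protected with the `<machineKey>` values, so a ticket issued by one farm node only validates on another node when those values match. The Python sketch below compares the `<machineKey>` element across nodes' web.config files. The node names and key values are constructed placeholders, and the findings name the attributes that differ without echoing key material.

```python
import xml.etree.ElementTree as ET

COMPARED = ("validationKey", "decryptionKey", "validation", "decryption")


def wrap(system_web_xml):
    """Build a minimal web.config around a <system.web> body (sample data only)."""
    return f"<configuration><system.web>{system_web_xml}</system.web></configuration>"


# Constructed farm: web02 has a different decryptionKey, web03 has no <machineKey>.
SAMPLE_FARM = {
    "web01": wrap('<machineKey validationKey="AAAA1111" decryptionKey="BBBB2222" '
                  'validation="HMACSHA256" decryption="AES"/>'),
    "web02": wrap('<machineKey validationKey="AAAA1111" decryptionKey="CCCC3333" '
                  'validation="HMACSHA256" decryption="AES"/>'),
    "web03": wrap('<authentication mode="Forms"/>'),
}


def machine_key(config_xml):
    """Return the <machineKey> attributes from one web.config text, or None if absent."""
    node = next(ET.fromstring(config_xml).iter("machineKey"), None)
    return None if node is None else {a: node.get(a) for a in COMPARED}


def farm_key_problems(configs):
    """configs maps node name -> web.config text. Returns a list of findings."""
    problems, explicit = [], {}
    for name in sorted(configs):
        mk = machine_key(configs[name])
        # A missing element or attribute means the default, "AutoGenerate,IsolateApps".
        auto = mk is None or any(
            (mk[a] or "AutoGenerate").startswith("AutoGenerate")
            for a in ("validationKey", "decryptionKey"))
        if auto:
            problems.append(f"{name}: key is auto-generated per server")
        else:
            explicit[name] = mk
    names = list(explicit)
    for name in names[1:]:
        diff = [a for a in COMPARED if explicit[name][a] != explicit[names[0]][a]]
        if diff:
            problems.append(f"{name}: differs from {names[0]} in {', '.join(diff)}")
    return problems


if __name__ == "__main__":
    print("\n".join(farm_key_problems(SAMPLE_FARM)) or "all nodes share one machineKey")
```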

Forms Authentication fails to recognize as logged in under IE when underscore in hostname

In my ASP.NET WebForms application I am using plain and simple forms authentication hooked up to my database (with the standard membership provider). Everything works well: I can log in, log out, get roles, etc.
However, after deploying my site to the intranet IIS server I noticed that IE cannot be authenticated. The actual authentication process for logging in works (as it does tell you when your password/username is wrong) but after authentication completes it claims you aren't logged in.
This is only on my deployed IIS environment as locally while in my VS environment everything works just fine in IE. While in the deployed IIS chrome and Firefox work just fine.
The only thing I can tell is it looks like IE isn't getting or saving the authentication cookie. This is not IE setting related as I have my IE8 set to accept all cookies, and I tested on a coworker's IE8 machine and another's IE7 with the same results.
My web.config is using the following settings:
<authentication mode="Forms">
  <forms cookieless="UseCookies" />
</authentication>
Does anyone at least have a clue on where I would look to begin debugging this issue?
Thanks,
Edit: I have been forced to fix this issue now, since my webserver is not working well with URL authentication.
I have used fiddler and figured out that IIS7 is not sending any cookies to me when I am in IE. No cookies are in the headers. The cookies are correctly in the headers when serving the site to Mozilla and Chrome browsers though. I am at a loss as to why.....
Edit2: As a side note, when I log into the web server directly, if I go to http://localhost/ IIS sends IE the cookies fine, but if I go to http://qa_build/ (that's the computer name for the server) IIS won't send the cookies to IE.
Finally figured out the answer. It turns out if the domain has an underscore in it, Internet Explorer will not store cookies. Changing the computer's name to qabuild fixed it.
http://support.microsoft.com/kb/316112
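As an added example (not part of the original answer): a pre-deployment check in Python that flags site URLs whose host name would hit this problem. It goes slightly beyond the underscore case and applies the general host name rule from RFC 952 / RFC 1123 (letters, digits and hyphens only in each label). `http://localhost/` and `http://qa_build/` come from the question; the other URLs are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One host name label under RFC 952 / RFC 1123: letters, digits and hyphens only,
# 1 to 63 characters, no leading or trailing hyphen. An underscore is not allowed.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def hostname_problems(url):
    """Return the reasons the host part of url is not a valid host name ([] if fine)."""
    host = urlsplit(url).hostname
    if not host:
        return ["URL has no host"]
    try:
        ipaddress.ip_address(host)  # IP literals are not subject to the label rules
        return []
    except ValueError:
        pass
    problems = []
    for label in host.rstrip(".").split("."):
        if "_" in label:
            problems.append(f"label '{label}' contains an underscore")
        elif not LABEL.fullmatch(label):
            problems.append(f"label '{label}' is not a valid host name label")
    return problems


def sites_at_risk(urls):
    """Map each URL whose host breaks the rules to its list of problems."""
    report = {}
    for url in urls:
        problems = hostname_problems(url)
        if problems:
            report[url] = problems
    return report


if __name__ == "__main__":
    # The first two URLs are from the question above; the others are constructed.
    sample = ["http://localhost/", "http://qa_build/",
              "http://qabuild/", "https://app_1.corp.example:8443/"]
    for url, why in sites_at_risk(sample).items():
        print(url, "->", "; ".join(why))
```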
Is there another submit button on the page somewhere that is not related to the login?
I had a similar problem when trying to log in once, and discovered it only happened when I hit enter instead of clicking the login button, and it was being caused by another button taking the default button click. It would authenticate, but it would not give me any user roles.
