8

Scenario

User A can access all pages in MVC4 website except one. But user B can access all pages (no restriction).

What I had done so far?

  1. Deployed website on IIS 7.5.
  2. Enabled window authentication and disabled Anonymous authentication for hosted website on IIS.
  3. Testing website.

Testing Results -

(1) When User B is logged on same system (development system) where the website is deployed, he can access the website without prompt dialog.

(2) But when same website is published on server (production system) with same settings, website still asks for credentials with pop up.

** Both of the development system and production system are in same domain (let's name it domain.com).

Question

Why is the same user in same domain is been asked for credentials by website?

Improve this question
4
  • Are both users "domain" user accounts? Commented Feb 25, 2014 at 20:04
  • @mxmissile To login on both system, I use same credentials and same domain. For e.g. Domain\XYZ (login) and Pass1234 (password). Commented Feb 25, 2014 at 20:06
  • can you check if the web.config gets transformed when you published the website and the property authPersistNonNTLM is set to true Commented Feb 25, 2014 at 20:09
  • @Overmachine No! The web.config didn't got transformed on publishing. And there is no property as the one you mentioned. Commented Feb 25, 2014 at 20:18

1 Answer 1

Reset to default
7

As per my research for Window Authentication, I want to conclude following lines (also as reference for me) -

(1) Window Authentication (abbrev. WA) will always show prompt for verifying users if you had configured WA properly.

See anonymous authentication disabled and windows authentication enabled in below snapshot.

(2) Even if one set NTLM as top provider than Kerberos (in IIS), the IIS will still ask for Window credentials. Snapshot show how to do that.

How to set IIS Provider for Window Authentication

(3) If you want to avoid showing prompt on browser for WA, follow steps-

(a) Open IE browser --> Internet Options --> Security tab.

(b) Add site to Local Intranet zone so that browser will send logged-in username and password to IIS.

Add website to Intranet zone

Note - The above points universally apply to MVC and ASP.NET.

Answer to my question Why is the same user in same domain is been asked for credentials by website?

Because I had set anonymous authentication enabled along with Window authentication on development system. (Silly mistake).

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.