8

Based on this article I've created a basic ASP.NET MVC site using the Visual Studio 2013 Intranet Site template with the default settings and changing nothing.

When running the site in debug mode instead of logging me in and displaying my domain\username, I am getting prompted to enter my username/password in a Authentication Required dialog.

I was under the impression, since I am already authenticated against the domain, I should be logged straight into the application using my AD account without having to enter in anything. When I do try explicitly entering my AD name or a local user account, nothing is accepted.

EDIT

If I type in my username/password with Firefox I am authenticated, but not with Chrome and IE.

Any ideas?

Improve this question
4
  • what browser are you using? Make sure the site is in your trusted or Intranet sites. Commented Aug 25, 2014 at 15:08
  • You need to get the client side correct too. The browser should be configured to allow windows authentication. The site should be in intranet sites and intranet site configuration should be configured to allow automatic logon. Also make sure you are not going through a proxy. Commented Aug 25, 2014 at 15:21
  • 1
    serverfault.com/questions/385025/… Commented Aug 25, 2014 at 15:35
  • This is still a question with no valid answer. Commented Apr 11, 2022 at 7:23

3 Answers 3

Reset to default
3

What you're encountering is something that's frustrated me about windows authentication for a long time. Internet explorer has a feature called pass-through authentication that authenticates you automatically when using windows auth. Other browsers have work arounds: https://addons.mozilla.org/en-US/firefox/addon/integrated-auth-for-firefox/ .

It's up to the sys admins to implement those measures for the other browsers, but nobody ever does, so we get stuck typing in our full usernames and passwords in every browser but IE.

What you can do is follow this approach : http://blogs.msdn.com/b/chunliu/archive/2010/09/21/creating-a-custom-login-page-for-windows-authentication.aspx

Not nearly as simple as enabling windows auth, or even implementing forms auth for that matter, but consider a scenario where you want infrastructure to manage permissions and administer user accounts, or if you want to expose your login page globally without exposing AD.

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

But I'm getting the authentication dialog in IE too?
then your AD GPO must be disabling pass through or you're trying to authenticate across domains. Also, see clintboessen.blogspot.com/2013/09/… . The site you're authenticating against does have to be recognized as intranet, on the same domain this is automatic.
Why would Firefox be authenticating me, but not Chrome and IE?
Read markmonica.com/2007/11/20/… is that property configured on firefox? If it is then that's why firefox is working, you'll have to make equivalent adjustments in your other browsers. Typically, windows auth works in IE with no prompt, but not in any other browser, I'm curious as to who would turn it off in IE & turn it on in firefox explicitly, unless your issue is something else. If you haven't inferred it yet, your question has nothing to do with the code / IIS & has to do with browser configuration options.
network.automatic-ntlm-auth.trusted-uris exists in about:config but there isn't a value set, it's just blank.
|
1

IE won't pass credentials to a site unless it's in the intranet security zone or the same domain. You can add your site to IE's list of trusted sites using

Internet Options > Security > Trusted sites > Sites

Chrome takes its trusted site settings from IE's settings, so once you add to IE, it should also work in Chrome

Improve this answer

Comments

0

Check with your IIS (Internet Information Server) Manager and see if your application has the right permissions for the user.

  • Go to the "Connections" panel on the left-hand side
  • Under "Sites", navigate to your application or folder holding the application
  • Right click and select "Edit Permissions..."
  • Go to the "Security" tab
  • Check if your Windows ID or Windows Group (if multiple users) have the correct permissions to this site under the "Group or user names" box
  • If the user or group is not there, click on the "Edit" button and then click the "Add" button

Also check if "Windows Authentication" is enabled and both "Anonymous Authentication" and "ASP.NET Impersonation" are disabled for the application on the IIS.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.