I have a mvc3 applicaiton using windows authentication. it works fine on my local pc.
<authentication mode="Windows" />
after I deploy it to the dev server. every time, i go to the site, a login popup shows up, I need to enter ID and password to access the site. on my local computer, I never see this popup login form. always automatically logged in. What do I need to change on the server side to fix this issue.
in the IIS, I disabled anonymous authentication, only enabled windows authentication. My computer and the serve are on the same domain.
You need to add the server to the local zone in internet explorer. The server needs to be added to the local intranet as it is not being automatically detected. Add the server to this list, restart IE and it will authenticate automatically.
Related
I have two servers,
WEB01_Server
APP01_Server
So my ASP.NET MVC application has two Projects
Sample_Web
Sample_Service
So my application architecture like following
so both these projects I hosted in APP01_Server So I enable the windows authentication(using IIS) for Sample_Web project and once I browse this web project in App server URL windows login prompt coming and successfully able to log in.
Once I browse with WEB01_Server URL, it also windows AD login prompt coming and but cannot log in.
Additionally, I enabled Windows authentication in WEB01_Server this application IIS web site instance and result is same.
Configuration wise What else I need to configure ?
I am developing an ASP.NET MVC 4.5.1 application using VS 2013.
Following are the settings at the IIS 7.5
Windows Authentication Enabled (also in Web.config authentication mode is set to "Windows").
Anonymous Authentication Disabled.
Application pool is running with service account "contoso\john".
The mode is Integrated.
On my landing page (e.g. HomeController.cs) I am storing logon user information as below:
Session["LogonUserName"] = HttpContext.Request.LogonUserIdentity.Name and that's working fine, I can use the Session["LogonUserName"] from other views.
However, when redirecting from home page to a different view e.g. Customer View something weird is happening and somehow I am losing the authentication and I am not able to step into a function.
So I Disabled the Windows Authentication and Enabled the Anonymous Authentication but then on the customer view page I am getting HttpContext.Request.LogonUserIdentity.Name = "NT AUTHORITY\IUSR"
and Session["LogonUserName"] = contoso\john, which is my app pool account.
Any idea why? Could someone please help me?
Ok. The issue certainly due to be authentication (XSS problem) and the JavaScript code wasn't being trusted when running on localhost or on IP address. When given a DNS entry (site binding) the issue resolved.
We need to access the intranet site called as "http://mysite/myapp".
And with using IE, every domain users can access the site without any prompt.
But, if the user try it with Chrome, the logon prompt shows at first. After entering credential just once, the prompt doesn't appear anymore for the access.
I'm just wondering any way to avoid the first-time logon prompt on Chrome.
And we don't want any chrome browser setting or shortcut for white listing per user. Because we can't handle many users Chrome one by one.
Any help will be appreciated.
Thanks.
Check the details of the Integration Authentication in this Chromium documentation:
http://www.chromium.org/developers/design-documents/http-authentication
With Integrated Authentication, Chrome can authenticate the user to an
Intranet server or proxy without prompting the user for a username or
password. It does this by using cached credentials which are
established when the user initially logs in to the machine that the
Chrome browser is running on. Integrated Authentication is supported
for Negotiate and NTLM challenges only.
Basically, execute Chrome with these switches to specify the auth schemes:
Chrome.exe --auth-server-whitelist="MYIISSERVER.DOMAIN.COM" --auth-negotiate-delegatewhitelist="MYIISSERVER.DOMAIN.COM" --auth-schemes="digest,ntlm,negotiate"
I tried running the command line but it wasn't working. I had to configure the same settings via the Windows Registry:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"AuthSchemes"="basic,digest,ntlm,negotiate"
"AuthServerWhitelist"="*domain"
"AuthNegotiateDelegateWhitelist"="domain,server.domain.com"
Then I Killed Chrome (cmd line: TaskKill /im chrome.exe) and restarted chrome and tried again and voila. Everything worked as expected.
I have a rails application running on nginx + unicorn and I want that users can login in with their Active Directory crendentials. I've already implemented connecting to AD server and authenticating users, but they need to enter passwords.
Is it possible to somehow get this information on this setup? I've found some topics about this problems, but they don't quite explain how to solve this problem and most of the answers are for IIS sever.
I know that it propably can work only in Internet Explorer.
Signing in automatically is handled by the web server, not your application. Since you are using nginx, there are a couple of third party modules you can use, such as spnego-http-auth-nginx-module or nginx-mod-auth-kerb. IIS has support built-in, of course.
Once you've set up the web server, your application can retrieve the user's username from the REMOTE_USER environment variable. Internet Explorer will automatically log in; Firefox and Chrome will do so if they have been configured for the domain by the system administrator, but this is off by default.
Scenario
User A can access all pages in MVC4 website except one. But user B can access all pages (no restriction).
What I had done so far?
Deployed website on IIS 7.5.
Enabled window authentication and disabled Anonymous authentication for hosted website on IIS.
Testing website.
Testing Results -
(1) When User B is logged on same system (development system) where the website is deployed, he can access the website without prompt dialog.
(2) But when same website is published on server (production system) with same settings, website still asks for credentials with pop up.
** Both of the development system and production system are in same domain (let's name it domain.com).
Question
Why is the same user in same domain is been asked for credentials by website?
As per my research for Window Authentication, I want to conclude following lines (also as reference for me) -
(1) Window Authentication (abbrev. WA) will always show prompt for verifying users if you had configured WA properly.
See anonymous authentication disabled and windows authentication enabled in below snapshot.
(2) Even if one set NTLM as top provider than Kerberos (in IIS), the IIS will still ask for Window credentials. Snapshot show how to do that.
(3) If you want to avoid showing prompt on browser for WA, follow steps-
(a) Open IE browser --> Internet Options --> Security tab.
(b) Add site to Local Intranet zone so that browser will send logged-in username and password to IIS.
Note - The above points universally apply to MVC and ASP.NET.
Answer to my question Why is the same user in same domain is been asked for credentials by website?
Because I had set anonymous authentication enabled along with Window authentication on development system. (Silly mistake).