ASP.net app with Windows authentication challenging one user only on second visit

T

Tom Ketter

Hi All,

I have an intranet application that uses ASP.net Windows
authentication. It has been working flawlessly for the past year.
Recently, one employee has experienced a problem accessing the site.

*When the user first re-starts his computer and connects to the site,
it recognizes him and functions normally.

*If he closes the browser and attempts to re-connect, it will present
the authentication dialog.

*Currently, no other users are experiencing this problem.

*It surfaced when this user began using a new computer.

Any ideas would be greatly appreciated!

Thanks,
Tom
 
J

Jim Cheshire [MSFT]

Hi Tom,

It's hard to say what's going on without a Netmon trace to see where
authentication is failing. I have just started a multi-part series on our
Web site on troubleshooting ASP.NET. The first entry in that series is
directly related to this kind of issue and demonstrates how to use Network
Monitor to troubleshoot issues like these. It should be posted very soon
and the URL is
http://support.microsoft.com/default.aspx?scid=FH;EN-US;aspsupvis.

Jim Cheshire [MSFT]
MCP+I, MCSE, MCSD, MCDBA
ASP.NET Developer Support
(e-mail address removed)

This post is provided "AS-IS" with no warranties and confers no rights.

--------------------
| From: (e-mail address removed) (Tom Ketter)
| Newsgroups: microsoft.public.dotnet.framework.aspnet.security
| Subject: ASP.net app with Windows authentication challenging one user
only on second visit
| Date: 5 Nov 2004 12:16:05 -0800
| Organization: http://groups.google.com
| Lines: 20
| Message-ID: <[email protected]>
| NNTP-Posting-Host: 12.46.141.20
| Content-Type: text/plain; charset=ISO-8859-1
| Content-Transfer-Encoding: 8bit
| X-Trace: posting.google.com 1099685765 11521 127.0.0.1 (5 Nov 2004
20:16:05 GMT)
| X-Complaints-To: (e-mail address removed)
| NNTP-Posting-Date: Fri, 5 Nov 2004 20:16:05 +0000 (UTC)
| Path:
cpmsftngxa10.phx.gbl!TK2MSFTFEED02.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.s
ul.t-online.de!t-online.de!news.glorb.com!postnews1.google.com!not-for-mail
| Xref: cpmsftngxa10.phx.gbl
microsoft.public.dotnet.framework.aspnet.security:12170
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
|
| Hi All,
|
| I have an intranet application that uses ASP.net Windows
| authentication. It has been working flawlessly for the past year.
| Recently, one employee has experienced a problem accessing the site.
|
| *When the user first re-starts his computer and connects to the site,
| it recognizes him and functions normally.
|
| *If he closes the browser and attempts to re-connect, it will present
| the authentication dialog.
|
| *Currently, no other users are experiencing this problem.
|
| *It surfaced when this user began using a new computer.
|
| Any ideas would be greatly appreciated!
|
| Thanks,
| Tom
|
 
C

Chris Mohan

I had to trouble shoot a similar problem last week.

Is this user accessing the network via VPN? In my company all browsers have
the urls of our intranet apps listed in the "Trusted Site's Zone" list of
sites in internet explorer AND this zone is set to automatically pass thier
workstation login information to sites in the trusted zone(not a good idea if
people start listing arbitrary sites-- we might have actually done this for
the "Local Intranet" zone.)

Anyway.. after alot of troubleshooting with the user over the phone here's
the pattern i observed.

If the user initiates a VPN session before attempting to access the site
then (whether or not the VPN session is active at that particular moment then
the user is not challeged for her credentials and automatically gains access
to the iste.)

HOWEVER, if the user attempts to access the site BEFORE initiating the VPN
session.. then the authentication dialog box launches. This user logins to
her laptop using her network account.

My "reading" of that is: initiating a VPN session must set some kind of
authentication token on the client machine that persists throughout the
workstation logon session. If VPN hasn't "talked" to the network prior to an
attempt to access an internal resource then the credentials don't get
passed(or arent' recognized as valid.. or something.)

Hope that helps
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top