Windows authentication - get prompted

[David Thielen]

Hi;

I have my ASP.NET app set to use Windows authentication. When running from
VS 2005 using the integrated webserver, the website knows who I am and I have
zero signon.

But when I copy the website to IIS on Win2003 it pops up the dialog box
asking me to sign in. I enter my domain\username and password and then it all
works fine.

Why am I getting prompted for my uname/pw? The server is on the domain as is
my workstation. My web.config is:

<authentication mode="Windows"/>
<identity impersonate="true"/>
<authorization>
<allow roles="windward\Windward Administrators, windward\Windward Users"/>
<deny users="*"/>
</authorization>
<roleManager enabled="true"
defaultProvider="AspNetWindowsTokenRoleProvider" />

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

 

[Steven Cheng[MSFT]]

Hello Dave,

Based on the issue description, I think the problem could be caused by the
following things:

** You use integrated windows authentication in IIS(of your asp.net
application's virtual directory)

** the Applciation virtual directory has allowed anonymous access.

When developing through VS 2005 integrated testserver, it automatically
running under your logon user. However, when under IIS, if you allow
anonymous, the client user(browser side)'s account won't be passed to
server and when your appilcation's authorization reject the access, it
prompt for user credential.

You can check in the IIS to verify this, if there is any other finding or
question ,please feel free to let me know.



Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



This posting is provided "AS IS" with no warranties, and confers no rights.

 

[David Thielen]

Hi;

anon access was allowed. But I unselected it, restarted IIS, and still have
the same problem. Is there anything else it could be?

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

 

[Steven Cheng[MSFT]]

Hi Dave,

If the problem still remains, there must have some other resources that is
protected and which is intermediately accessed by your page. Do you get the
credential prompt on every page or just when visiting some certain page? We
can try isolate the problem and perform further check against the page.
Also, in IIS log, you can check to see wehther there is log entry indicate
the resource that return access denied error at first visit.


Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



This posting is provided "AS IS" with no warranties, and confers no rights.

 

[David Thielen]

Hi;

Nothing in the IIS log file except for GET requests that are successful. And
it happens once when I hit any page as the first page in my app. After I
login then it works fine for all pages.

So it seems like somehow IE is not passing my credentials to IIS in the
request or IIS is ignoring them and prompting for them. Is there something I
need to set in my web.config and/or in IIS so it just gets them?

The username/password I enter is my Windows one that I am logged in to my
workstation with.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

 

[Steven Cheng[MSFT]]

Thanks for your reply Dave,

Seems a bit unexpected. If the test server works ok, as long as the IE
client pass the credential correctly and IIS virtual directory use
integrated windows(disable anonymous access) authentication, it should
works. You can use the Context.User.Identity.Name to check whether the
authenticated user is the expected one.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

 

[David Thielen]

Once I enter my password it is the expected user - windward\dave.

Until I enter my password the user is not authenticated.

Again, this only happens on IIS - on the test server it works as expected.
It happens for any page I hit first. And once I enter my uname/pw I can then
go to any page and it keeps my identity.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

 

[Steven Cheng[MSFT]]

Thanks for your reply Dave,

If the username/password credentials you input is the same as your current
logon useraccount(on client machine), seems there is something incorrect
with the client browser to send credential to server-side. Have you made
sure that the server virtual directory is using integrated windows rather
than basic authentication? if so, I suggest you test through multiple
client to see whether the problem specific to one client only.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

 

[David Thielen]

It's an IE setting - it sends credentials if there is no . in the url such as
localhost but does not if there is such as beta.windward.net.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

 

[Steven Cheng[MSFT]]

Thanks for your reply Dave,

I think this makes much sense. IE browser will only send credential
automatically when connect to local intranet site or trust site, also you
can view this setting in the security tab when choose the "tools ---->
options " menu. For "beta.windward.net", I think it is treated as an
internet site, therefore the browser doesn't send credentials
automatically. So there is nothing incorrectly with your application.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.