Automatic authentication on Intranet 1

[delsdba]

Hi, I am fixing an ASP.NET Intranet and trying to authenticate users without using a password dialogue.

I have Windows authentication and impersonate on.

In the web.config file if I have something like
<system.web>
<authorization>
<allow users="myDomain\allowedgroup" />
</authorization>
</system.web>
then users can access the area fine

However as soon as I change it to
<system.web>
<authorization>
<allow users="myDomain\allowedgroup" />
<deny users ="*"/>
</authorization>
</system.web>
then users are asked for their username / password.

After they have supplied it they are fine but I would really like to remove this requirement.


We are on an Intranet so there must be a way of Windows passing IIS the required details.


In Directory Security tab of IIS I only have "Windows Integrated Authentication" enabled.


What change would be required for Windows / IE to pass the user/pass to IIS ?


Thanks in advance,
Dels

 

[jbenson001]

Why are you adding?:

<deny users ="*"/>

The "*" means everyone, so, you are telling the app to deny everyone, and so you get the prompt.

 

[adamroof]

check out my FAQ - faq855-5377

what is the URL of your intranet site?
is it like webserver.domain.internal?

<system.web>
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<allow roles="DOMAIN\Domain Users"/>
<deny users="*"/>
</authorization>
</system.web>

 

[jbenson001]

Great FAQ adamroof

 

[adamroof]

thanks...
if its not the auth mode in web config, i think its like my buried comment at the bottom of the FAQ..(wrote it 2 years ago) so a little spaghetti on the coding.

One final point is that if you access your Intranet via IE5.5 or greater, AND you use the FQDN to connect (

http://myserver.mydomain.ent)

then IWA will still prompt you for your credential UNLESS you add the site to your Intranet Zone in IE Internet Options. OR YOU CAN access the site WITHOUT a dot (

http://myserver)

then it wont prompt you! It will be transparent.