Integrated Windows Authentication not working 1

LittlBUGer

Programmer
Apr 26, 2006
81
US
Hello. I have a simple ASP.NET 1.1 site on my work's intranet that works fine and all, except for one thing: the browser always asks for a username and password even though Integrated Windows Authentication is enabled on our Windows Server 2003 that's running the site. The browser shouldn't be asking for a username and password as it should use the credentials from the user who's logged into the domain. Is there anything special I must do to IIS to get this to work? I'm almost 100% positive it's nothing with my code on the ASP.NET website as the browser/IIS authentication always comes before anything with ASP.NET. Any suggestions? Thanks.

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - Albert Einstein
 
It's probably not your code unless you have something in your code trying to access a remote server, or a virtual directory in IIS pointing to a remote resource. If you do have virtuals pointing to other servers or shares, look in IIS and make sure the domain account used can access that resource.

You didn't mention if entering credentials actually brings up the page when challenged, or if you tried it with other browsers, but a couple of things you can look into are:

Try another browser. If it works, check the following in IE.

IE browser setting:
Under Tools/Internet Options in IE, check the security tab settings and look for User Authentication. Here's an explanation for all of the choices.

USER AUTHENTICATION
Logon
This setting controls how you authenticate to Web sites. The following are the four possible choices for this setting:

1. Anonymous Logon—Internet Explorer will disable authentication and use the Guest account of the Web server you are visiting for access to the site’s resources.

2. Automatic Logon Only In Intranet Zone—This option allows you to automatically log on to Web sites that are in the Intranet zone that you have set up. You will be prompted for a username and password for all other sites.

3. Automatic Logon With Current Username And Password—This option automatically logs you on with your current username and password; however, it only works if the Web server you are connecting to supports NT Challenge/Response. If not, you’ll be prompted for your username and password.

4. Prompt For Username and Password—This option, of course, prompts you for your username and password.

If the last one is selected by default, and this is an Intranet-only app, change it to #2 or #3 and give it another try. If it continues to prompt...continue reading.

Also, since it's a .NET app, make sure the ASPNET account has the appropriate permissions on the physical folders where your .NET code is living. Remove the Everyone group from the ACLs if present; or, if it is inheriting from parent directories, remove inheritance for this folder, remove the Everyone group, and apply the changes to the root folder of your app and all subfolders.

Lastly, you can download AuthDiag.exe from MS and point it to your site. It will walk you through how to diagnose authentication issues in IIS and give you some useful clues.

Let me know if these suggestions do not solve the issue and we can dig a little deeper.
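The four Logon choices listed in the reply above decide, per security zone, whether IE answers an Integrated Windows Authentication challenge silently. The following is an added example, not code from the thread: a simplified Python model of that decision, where the host names, the 192.0.2.10 address and the exact-match site lists are constructed assumptions (real IE site lists also accept schemes and wildcards).

```python
import ipaddress
from urllib.parse import urlsplit

# Values of URL action 1A00 ("Logon"), stored per zone in the registry under
# ...\Internet Settings\Zones\<zone number>.
AUTO_CURRENT_USER = 0x00000000   # Automatic logon with current username and password
PROMPT            = 0x00010000   # Prompt for username and password
AUTO_INTRANET     = 0x00020000   # Automatic logon only in Intranet zone
ANONYMOUS         = 0x00030000   # Anonymous logon

INTRANET, TRUSTED, INTERNET = 1, 2, 3   # IE zone numbers

def zone_for(url, intranet_sites=(), trusted_sites=()):
    """Simplified zone mapping: explicit site lists first, then the
    dotless-host-name intranet rule; everything else is Internet."""
    host = (urlsplit(url).hostname or "").lower()
    if host in intranet_sites:
        return INTRANET
    if host in trusted_sites:
        return TRUSTED
    try:
        ipaddress.ip_address(host)
        return INTERNET          # an IP literal is not auto-detected as intranet
    except ValueError:
        pass
    return INTRANET if host and "." not in host else INTERNET

def sends_logon_credentials(url, logon_by_zone, **site_lists):
    """True if the browser would answer the challenge silently with the
    logged-on user's credentials instead of prompting."""
    zone = zone_for(url, **site_lists)
    setting = logon_by_zone[zone]
    if setting == AUTO_CURRENT_USER:
        return True
    if setting == AUTO_INTRANET:
        return zone == INTRANET
    return False                 # PROMPT or ANONYMOUS

# Constructed sample: every zone set to "Automatic logon only in Intranet zone".
DEFAULTS = {INTRANET: AUTO_INTRANET, TRUSTED: AUTO_INTRANET, INTERNET: AUTO_INTRANET}

if __name__ == "__main__":
    for url in ("http://intranetweb/app/", "http://192.0.2.10/app/"):
        print(url, sends_logon_credentials(url, DEFAULTS))
    print(sends_logon_credentials("http://192.0.2.10/app/", DEFAULTS,
                                  intranet_sites={"192.0.2.10"}))
```

Mapping the one server into the Local intranet zone keeps automatic logon scoped to that host, whereas switching the Internet zone to "Automatic Logon With Current Username And Password" would make the browser answer authentication challenges from any site.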
 
Implementation
To implement Kerberos or NTLM, configure IIS to use Integrated Windows authentication. If you need to support clients other than those running Internet Explorer, you may want to enable Basic authentication in conjunction with NTLM or Kerberos. For more information, see Enabling and Configuring Authentication in the IIS Documentation (
To use Kerberos, you need to consider these specific details:

You must run the client and server computers on Windows 2000 or later, and they must be in a Windows 2000 or later domain.
You must enable the client's user account for delegation.
You must enable the service's account for delegation.
You must enable participating computers for delegation.
If your ASP.NET application needs to run as the user authenticated by IIS using integrated Windows authentication, use the following Web.config configuration. For more information, see ASP.NET Authentication.

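<!-- Web.config file -->
<configuration>
  <system.web>
    <!-- Take the user identity from IIS (Integrated Windows authentication) -->
    <authentication mode="Windows" />
  </system.web>
</configuration>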


Also, from out in left field - are you being prompted for authentication by the domain, or by a proxy server (like ISA)? It may be that you need to add the Intranet server URL in the Allowed web-sites within your proxy server. May not be the issue in your case, but have seen this in other environments....
 
Hello. I'm sorry I didn't reply earlier, but I already fixed my issue before either of you replied, though interestingly enough, it kind of has to do with what both of you said. I had to go into IE7 and add the site link (an IP in this case) to the Intranet Trusted Sites list and then all was fine. Kind of a pain, but oh well. Thanks for your help. :)

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - Albert Einstein
 