Receiving login prompt using integrated windows authentication
2015-11-16 12:29
501 查看
I have a .NET 3.5 application running under IIS 7 on Windows 2003 server and cannot get integrated windows authentication working properly as I continue to get prompted for a login. I have set Windows Authentication to enabled in IIS with all other security
types disabled and my application web.config file authentication/authorization is set up as:
With this setup, I'm expecting behind the scene verification of the Windows user to allow access and deny anonymous users. However, what I'm getting is a Windows login pop-up when I try to access the site.
I have been troubleshooting this issue for a few days now and cannot figure out the problem. Based on posts with similar problems, I confirmed my URL does not include any periods, double checked that my IE settings are set to Enable Integrated Windows Authentication,
and also added my URL to my intranet sites, but still getting the pop-up.
To troubleshoot it further, I enabled Anonymous Authentication in IIS and modified my web.config file to which lets me right in and then added Response.Write(System.Security.Principal.WindowsIdentifity.getcurrent().user.name.toString()) to try to see what user
is being used in the authentication. The result I'm getting is IIS APPPOOL\myapp which is obviously the IIS application pool for my application.
I really appreciate any help anyone can provide so that I'm still using only windows authentication but don't get the pop-up and the windows authentication is performed against the actual Windows user.
Thanks.
Additional note after troubleshooting further:
Just noticed that when the login fails and the Windows login prompt displays again, it is showing the username that attempted to login as "SERVERNAME"\"USERNAME" which led me to believe it was trying to validate the user against the server vs. the domain. To
confirm this, I created a local user account directly on the app server with the same username and password as the network domain user and tried to login again. The result was that I received the login prompt again but when I entered the username and password
this time, I was able to successfully login. The network user and app server are on the same domain so really not sure why IIS authentication is pointing to the local app server accounts and not to the domain accounts. I realize this is an IIS question at
this point so posting on forums.iis.net as well but appreciate any advice anyone may have since have been troubleshooting this for days.
Solution:
Don't create mistakes on your server by changing everything. If you have windows prompt to logon when using Windows Authentication
on 2008 R2, just go to
move UP
each your application. When
first one in the list, Windows Authentication can stop to work property for specific application on 2008 R2 and you can be prompted to enter username and password than never work. That sometime happens when you made an update of your application. Just be sure
than
first on the list and you will never see this problem again.
types disabled and my application web.config file authentication/authorization is set up as:
<system.web> <compilation debug="true" strict="false" explicit="true" targetFramework="3.5" /> <authenticationmode="Windows"/> <authorization> <deny users = "?" /> </authorization> </system.web>
With this setup, I'm expecting behind the scene verification of the Windows user to allow access and deny anonymous users. However, what I'm getting is a Windows login pop-up when I try to access the site.
I have been troubleshooting this issue for a few days now and cannot figure out the problem. Based on posts with similar problems, I confirmed my URL does not include any periods, double checked that my IE settings are set to Enable Integrated Windows Authentication,
and also added my URL to my intranet sites, but still getting the pop-up.
To troubleshoot it further, I enabled Anonymous Authentication in IIS and modified my web.config file to which lets me right in and then added Response.Write(System.Security.Principal.WindowsIdentifity.getcurrent().user.name.toString()) to try to see what user
is being used in the authentication. The result I'm getting is IIS APPPOOL\myapp which is obviously the IIS application pool for my application.
I really appreciate any help anyone can provide so that I'm still using only windows authentication but don't get the pop-up and the windows authentication is performed against the actual Windows user.
Thanks.
Additional note after troubleshooting further:
Just noticed that when the login fails and the Windows login prompt displays again, it is showing the username that attempted to login as "SERVERNAME"\"USERNAME" which led me to believe it was trying to validate the user against the server vs. the domain. To
confirm this, I created a local user account directly on the app server with the same username and password as the network domain user and tried to login again. The result was that I received the login prompt again but when I entered the username and password
this time, I was able to successfully login. The network user and app server are on the same domain so really not sure why IIS authentication is pointing to the local app server accounts and not to the domain accounts. I realize this is an IIS question at
this point so posting on forums.iis.net as well but appreciate any advice anyone may have since have been troubleshooting this for days.
Solution:
Don't create mistakes on your server by changing everything. If you have windows prompt to logon when using Windows Authentication
on 2008 R2, just go to
Providersand
move UP
NTLMfor
each your application. When
Negotiateis
first one in the list, Windows Authentication can stop to work property for specific application on 2008 R2 and you can be prompted to enter username and password than never work. That sometime happens when you made an update of your application. Just be sure
than
NTLMis
first on the list and you will never see this problem again.
相关文章推荐
- 设置maven 输出编码问题
- [转] Python特殊语法:filter、map、reduce、lambda
- TinyOS的个人见解2之ncc编译过程
- 建造者模式
- 火车
- 文档分享-Activiti 5.16 用户手册
- SQL SERVER 2008 R2安全配置与防暴力破解
- ASCII码之和最大
- #ifndef #define #endif
- jsp+servlet+javabean实现数据分页方法完整实例
- tomcat 内存溢出错误记录
- PHP-数组生成xml数据
- 用Wireshark简单分析HTTPS传输过程-抓包过程
- 理解LSTM网络
- 修改Linux时间一般涉及到3个命令: date, clock, hwclock
- DRBD+Heartbeat+MySQL高可用
- css 定制Suckerfish下拉菜单
- PHP开发安全问题总结
- Redis配置不当可导致服务器被控制,已有多个网站受到影响 #通用程序安全预警#
- process Launch Failed:failed to Get the Task for Process XXXX(解决方案)