I have an ASP.Net application where I am using Windows authentication to deny access to some components via roles. When using IE, the site pops up the "Authentication Required" box once, allows the user to enter their username/password for Active Directory, and all is fine.

HOWEVER, when using Firefox, its "Authentication Required" box pops up, but when you click 'ok', it comes up again! It stays up a few dozen times! If you click cancel to all of them, it fails properly, denying access to the site. If you click cancel to all but 1 (which you authenticate properly), it acts like you were properly authenticated.

My goal here is to have Firefox act like IE, and only ask the user once.

A: 

You could get Firefox to behave exactly like IE by adding the site to about:config >> network.automatic-ntlm-auth.trusted-uris; then Firefox will use Windows Auth for the site.

Christopher Kelly
This actually does not work, it still asks for credentials a bunch of times. My other problem is that I don't have total control over the user's environment.
Erich
A: 

Maybe it would be best to redesign your login/authentication system such that authentication is asked only when the user first views/logs in to the website (i.e. a login.aspx page) so that after that the user's credentials are cached throughout your website.

ThatGuy
This is how Windows Auth is supposed to work. It asks via the normal browser pop-up for the authentication information (returning a 401 if the browser doesn't send proper authentication information). IE seems to be 'caching' this for the entire download-transaction, however Firefox seems not to. I'm beginning to think this is an improper implementation on Firefox's part.
Erich
+3  A: 

This forum post recommends updating your web.config to allow anon on WebResource.axd: http://forums.asp.net/p/1295804/2515478.aspx#2515478

Not ideal - I don't really understand WHY axd requests are behaving like this.

NOTE: NTLM requires keep-alive. If you install Fiddler or Firebug you should be able to see the "Connection: keep-alive" messages in the request header: http://davenport.sourceforge.net/ntlm.html#ntlmHttpAuthentication

russau
From what you gave me, I found this: http://www.jimandkatrin.com/codeblog/2007/09/anonymous-access-with-webresourceaxd.html which is basically the same problem I was having. Additionally, I had 'digest auth' instead of 'integrated auth'. Now it even uses the current account if the user has permissions. Thanks!
Erich
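
A way to check a captured trace for the two causes raised in this thread (Digest offered where integrated auth was intended, and an NTLM handshake without keep-alive), as an added example that is not code from any of the posters. The trace rows, the paths, the `TOKEN` placeholder and the function names are constructed for illustration.

```python
from collections import defaultdict

INTEGRATED = {"ntlm", "negotiate"}  # schemes behind IIS integrated Windows auth
NO_INTEGRATED = "no NTLM/Negotiate challenge offered"
CLOSED_MID_HANDSHAKE = "connection closed during NTLM/Negotiate handshake"

# Constructed rows shaped like a proxy capture: (path, status, response headers).
# "TOKEN" is a placeholder for the base64 challenge a real server would send.
SAMPLE_TRACE = [
    ("/Default.aspx", 401, [("WWW-Authenticate", 'Digest realm="corp"')]),
    ("/Default.aspx", 200, [("Connection", "keep-alive")]),
    ("/WebResource.axd?d=a1", 401, [("WWW-Authenticate", 'Digest realm="corp"')]),
    ("/WebResource.axd?d=b2", 401, [("WWW-Authenticate", 'Digest realm="corp"')]),
    ("/reports/list.aspx", 401, [("WWW-Authenticate", "NTLM TOKEN"), ("Connection", "close")]),
]


def challenges(headers):
    """Map each WWW-Authenticate scheme to True if data follows the scheme name."""
    found = {}
    for name, value in headers:
        parts = value.split(None, 1)
        if name.lower() == "www-authenticate" and parts:
            found[parts[0].lower()] = len(parts) > 1
    return found


def summarise(trace):
    """Count 401s per path (query string dropped) and flag likely prompt causes."""
    report = defaultdict(lambda: {"challenges": 0, "schemes": set(), "findings": set()})
    for path, status, headers in trace:
        if status != 401:
            continue
        entry = report[path.split("?", 1)[0]]
        offered = challenges(headers)
        integrated = INTEGRATED.intersection(offered)
        entry["challenges"] += 1
        entry["schemes"].update(offered)
        closes = any(n.lower() == "connection" and v.strip().lower() == "close"
                     for n, v in headers)
        if not integrated:
            entry["findings"].add(NO_INTEGRATED)
        elif closes and any(offered[s] for s in integrated):
            # A challenge token was issued, then the connection it is bound to was dropped.
            entry["findings"].add(CLOSED_MID_HANDSHAKE)
    return dict(report)


if __name__ == "__main__":
    for path, entry in summarise(SAMPLE_TRACE).items():
        print(path, entry["challenges"], sorted(entry["schemes"]), sorted(entry["findings"]))
```

A path such as WebResource.axd that collects many 401s across its query-string variants is the pattern the question describes as repeated prompts.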