I am trying to deploy an application in a client network, with AD/domain controller.

My application is a simple ASP.NET C# application, using Windows authentication.

I am using win2003.

Basically, using VS2008, create a new website, hosted on IIS6.0. Only 2 changes. 1. On IIS Directory security for the application, enabled "Integrated Security".
Note: anonymous is also enabled.

Only one change to the skeleton code generated. Add below to the page_load method of default.aspx

using System.Security.Principal;
...
protected void Page_Load(object sender, EventArgs e)
{
    WindowsIdentity id = WindowsIdentity.GetCurrent();
    Response.Write("<B>Windows Identity Check</B><br>");
    Response.Write("Name: " + id.Name + "<br>");
    Response.Write("<BR>");
    Response.Write("User.Identity: " + User.Identity.Name);
    Response.Write("<BR>");
}

Output of browsing to the page:

Windows Identity Check
Name: NT AUTHORITY\NETWORK SERVICE
User.Identity:

The User.Identity.Name does not output the current username.

As discussed in this article http://weblogs.asp.net/scottgu/archive/2006/07/12/Recipe_3A00_-Enabling-Windows-Authentication-within-an-Intranet-ASP.NET-Web-application.aspx

I added:

<authorization>
    <deny users="?"/>
</authorization>

From what I understand, when this is added, I can get the current user's username from User.Identity.Name.

However, once I added the above, the browser now prompts me for a username and password. Once I enter it, I am able to use User.Identity.Name to get the username. However I do not want the username/password pop up to appear. I want the application to authenticate the user based on their network credentials.

Am I missing something?

A: 

What URL is your site using, and what's the IE zone? If your app is running outside of the LocalIntranet zone, passthrough authentication is blocked, always prompting for User/Password.

Christopher_G_Lewis
minalg
Can you add the relevant IIS logs to your question - looking for the 401/200 series of log items. Also can you try http://127.0.0.1/site and see if you get prompted?
Christopher_G_Lewis
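
Added example (not part of the original thread): one way to pull the 401/200 series requested in the comment above out of an IIS W3C extended log, grouped per client and URL. The log lines, IP addresses, the CORP\alice account and the chosen field subset are constructed, and `parse_w3c` and `classify` are hypothetical helper names.

```python
from collections import defaultdict

# Constructed sample log (not from the thread); the real column set is
# whatever the site's #Fields line declares.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status sc-substatus
2009-01-05 10:00:01 10.0.0.21 - GET /site/default.aspx 200 0
2009-01-05 10:02:10 10.0.0.22 - GET /site/default.aspx 401 2
2009-01-05 10:02:10 10.0.0.22 - GET /site/default.aspx 401 1
2009-01-05 10:02:10 10.0.0.22 CORP\\alice GET /site/default.aspx 200 0
2009-01-05 10:05:30 10.0.0.23 - GET /site/default.aspx 401 2
2009-01-05 10:05:41 10.0.0.23 - GET /site/default.aspx 401 1
"""

def parse_w3c(text):
    """Yield one dict per request, named by the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def classify(text):
    """Map (client IP, URL) -> (status series, verdict)."""
    series = defaultdict(list)
    for r in parse_w3c(text):
        code = r["sc-status"] + "." + r["sc-substatus"]
        series[(r["c-ip"], r["cs-uri-stem"])].append((code, r["cs-username"]))
    result = {}
    for key, hits in series.items():
        codes = [c for c, _ in hits]
        users = [u for c, u in hits if c.startswith("200") and u != "-"]
        if users:
            verdict = "authenticated as " + users[-1]
        elif any(c.startswith("200") for c in codes):
            # Anonymous access satisfied the request, so no identity was sent.
            verdict = "served anonymously"
        elif any(c.startswith("401") for c in codes):
            verdict = "challenged, no successful logon"
        else:
            verdict = "other"
        result[key] = (codes, verdict)
    return result

if __name__ == "__main__":
    for (ip, url), (codes, verdict) in classify(SAMPLE_LOG).items():
        print(ip, url, " -> ".join(codes), "|", verdict)
```

A "served anonymously" row is a 200 logged with `-` as cs-username, which is the case where User.Identity.Name comes back empty; a 401 series that ends in a 200 with a username is a completed Windows authentication exchange.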
A: 

Is "Enable Windows Integrated Authentication" selected in IE's Internet Options?

Do both the IUSR_ and username you're entering have Read and Execute permissions to the directory where the application is hosted?

Does the application's directory reside on the IIS server, or is it located on a share, where Windows share permissions would come into play?

Eric H
A: 

Check that Internet Explorer knows the site is part of the local intranet zone. Also, under the settings for the intranet zone, check that automatic logon is enabled.

pipTheGeek