views:

2564

answers:

4

I've been having trouble getting my ASP.NET application to automatically log users into the Intranet site I'm building. No matter the googling or the experimentation I applied, there is always a login box displayed by IE7.

I've got Windows authentication mode set in the Web.config, disabled anonymous access and configured the correct default domain in IIS, but it's still asking the user to log in and, more annoyingly, the user is required to provide the domain too (DOMAIN\auser), which is causing problems with non-technical visitors. Thank Zeus for password remembering functionality.

I'm not the network administrator so it's possible that something about Active Directory is set up incorrectly, or it could just be me missing something very simple. Please note that I don't want to impersonate the user, I just need to know that the IPrincipal.Name property matches that of a valid record in my user database, hence authenticating the user to my application.

To this end, it would be very useful to have a checklist of all configuration requirements for AD, ASP.NET and IIS to work together in this manner as a reference for debugging and hopefully reducing some user friction.

+5  A: 

It sounds like you've covered all the server-side bases--maybe it's a client issue? I assume your users have integrated authentication enabled in IE7? (Tools -> Internet Options -> Advanced -> Security). This is enabled by default.

Also, is your site correctly recognized by IE7 as being in the Local Intranet zone? The IE7 default is to allow automatic logon only in that zone, so users would be prompted if IE thinks your site is on the internet. I believe using a hostname with a dot in it causes IE to place the site into the Internet zone.

Mike Powell
I finally got the chance to test this and changing the domain to one without a dot worked instantly!
tags2k
Ha! I thought you'd forgotten about me. Glad it's sorted out.
Mike Powell
This one was a great answer!
Nelson Reis
A: 

Thanks Mike, my local domain is actually wip.agency so this could very possibly be the case. I will investigate tomorrow and return with my findings.

tags2k
A: 

In IIS, enable annonymous access and allow the web.config to handle user authentication.

If this doesn't work, please can you send a sample of your web.config.

GateKiller
A: 

open "Active Directory Users and Computers" MMC snap in expand "computers" section from treeview (left side) check if the computer is registered in your domain.

Also, you have to login with a domain account on that computer, otherwise that authentication box will be shown.

Dani