views:

210

answers:

4

I'm developing a website which will be used in the corporate intranet which uses JCIFS and NTLM to automatically authenticate the users without asking them to log on. Everything seems to be working in IE 6, but some users are being prompted for their passwords in IE 7.

We've had some success by getting the users to change their Logon option to "Automatic logon using current username and password" (Tools > Internet Options > Securty Tab > Select Local Intranet > Custom Level > All the way at the bottom User Authentication > Logon), but we are still having a few users who are getting username/password prompts.

Also, we've had some users report they can just click cancel when the prompt comes up and the page will come up correctly.

If anyone has any other suggestions, I'd greatly appreciate them.

A: 

I can definitely relate to your IE troubles, here. We have run into similar issues in the past.

Check your intranet pages' references. If you have an image on another server, or something like that, your users may be prompted for credentials if that server is not considered to be on your intranet.

Otherwise, you could always play IE setting roulette. Just take turns turning different "Internet Options > Security > Custom Level... > Security Settings" settings on and off.

EndangeredMassa
A: 

If you access an intranet Web site by using an IP address or a fully qualified domain name , or a url with a dot in it the Web site may be identified as in the Internet zone instead of in the Local intranet zone.

http://support.microsoft.com/kb/303650

Gibbons
+1  A: 

You may also want to try having your users add your domain to their trusted sites list. I know that I had to do that to get our sites working with NTLM.

Jon Works
A: 

Turned out that the new security settings on the laptops required NTLMv2 which is not well supported by the JCIFS NLTM library.

After some research, found out that JCIFS implementation of NTLM is very hacky (as described by the JCIFS devs) and they're removing support in the next major version of JCIFS. We've moved to using the Tomcat IIS Connector (http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html), which works much better.

Thanks everyone for your responses.

Andrew Hampton