Im developing .Net 4.5 Web intranet project. My problem is there is some users can directly login with Windows authentication but also there is some users which they need to login the system with anonymous authentication due to the their company policy there is no posibility that they can add system configuration as trusted network or forest. Therefore system should check windows auth and if it fails without showing the windows prompt screen, should check the anonumys auth and users should login via form (LDAP) but due to the ecosystem of IIS it check anonymous authentication. I tried some solution but they didn't work on Microsoft Server 2012 R2. Is there any way that i can make this happen?
In Conclusion, I need to find a way to check IIS Windows auth after that anonymous Authentication. I found some solutions but they don't work on Microsoft Server 2012 R2. Also tried to get Windows Credentials such as Domain\username. I got it when there is only Windows Auth but when there is Windows and Anonymous authentications are enabled or only Anonuymous authentication is enabled, i couldn't get it because of anonymous authentication. Thanks in advance.
Related
I'm working on a .NET MVC web app, and I'm using Windows authentication. My IE has "Integrated Windows Authentication" enabled, and it works when I navigate to other sites hosted on the same IIS server (a.k.a I am not prompted for login). However when I go to this one page and call an API method, base.isAuthorized(actionContext) evaluates to false in the C# code, resulting in me being shown the login dialog. Correct me if I'm wrong, but I thought Windows Authentication would authenticate me right when I enter the webpage... why am I still prompted for credentials?
Authentication settings can be different for each web site on the server. Check your IIS settings for this particular web site. Make sure that Windows Authentication is enabled, and that Anonymous Authentication is disabled.
I receive a Windows login prompt when accessing a site on IIS with a host other than localhost.
For example,
http://localhost/mysite -- works
http://ipaddresss/mysite -- login prompt
If I enable Anonymous Access in the IIS settings for the web application, the prompt goes away and I can access the site fine. I have Windows Authentication enabled as well.
I want to be able to disable Anonymous Access without getting the windows login prompt.
Windows IIS 7.5
Windows Server 2008 R2
ASP.NET 4.5 MVC Web application
This does not seem to be browser related. I get the same behavior whether it's IE or Firefox.
This is what I did to resolve the problem.
In IE, I added the IP address to the local intranet sites in the Security tab.
Apparently Windows Integrated Security is only guaranteed in IE.
I used this Knowledge Base Article as a reference. http://support.microsoft.com/kb/258063
It's an internet setting, which can be changed in IE or the control panel.
Internet Options -> Security -> Local Intranet -> Sites - Making your your site/domain is in the list
IE is prompting for windows credentials if it's not in the Intranet Zone or not in the list of intranet sites. Add the site to your intranet zones list for automatic login.
I have web application which needs to access user mail box using EWS.
I am having trouble implementing impersontation.
If I impersonate my application in IIS or do run time impersonation and browser through localhost it works fine, however neither impersonation (using IIS config or runtime) works when i browse my application using IP.
I have tried Basic Authenticatio/Anonymous Authentication along with windows auth but failed to get it working. I tried my app to use either/both NTLM and Kerberos.
Ideal configuration for my app is only windows authentication on NTLM.
Please help if someone has faced this issue.
App should run for a account, but should impersonate user when needed to access his/her mailbox. I am running .net 4.5 on IIS 7.5
What you are seeing is the server double-hop authentication issue. By default Windows does not allow the user's credentials to be delegated from the web server running your ASP.NET site to your Exchange server. It works locally because there is only a single server hop as you are logged in to the machine running the ASP.NET site.
Kerberos is the way to go to make it work. You have to set your web server up to be trusted for delegation. I have no idea how to actually do this but this SO question may help you:
How can I fix the Kerberos double-hop issue?
Scenario:
https asp/asp.net website running of IIS 7.5 (windows server 2008)
IIS currently configured to allow anonymous authentication and forms authentication ,asp.net impersonation are disabled while windows authentication is not installed (I understand that windows authentication needs to installed for this.)
a single custom login page for both internal and external users
Requirment:
Internal users seamlessly login while capturing their LOGON name (window authentication)
External users (not on domain) should be prompted a manual login
Questions:
What approach can be used to implement this?
Looking for the IIS 7.5 and web.config settings
Approaches Found:
make 2 pages within 1 website, winlogin and weblogin(front page). Allow windows auth=true and anonymous auth=false on winlogin.aspx and vice versa on weblogin.aspx
user with a ip hits weblogin, if ip is known redirect to winlogin to capture logon and redirect to weblogin if the ip is unknown
have winlogin.aspx as the main page and redirect 401 errors to weblogin.aspx
This is how to configure IIS for integrated authentication.
http://netpl.blogspot.com/2012/06/iis-75-integrated-security-with-no.html
This will make your site available for intranet users WITHOUT the prompt for credentials.
Note that this also works for web users. A built-in web browser window is displayed as a result of HTTP 401. A user provides his/her credentials and is in.
If you rather want to show your custom web form as a result of 401 (unauthorized), you'd have to trick the browser a little:
http://www.codeproject.com/Articles/11202/Redirecting-to-custom-401-page-when-quot-Access-de
This way you can redirect an unauthorized response to a web form of your choice (for example, to show an asp.net login form).
Although the integrated authentication can be easily configured, prepare for a lot of experiments when setting up your mixed (integrated/forms) authentication. Things change with every version of IIS; also IIS7 behaves differently if a pool is in classic vs integrated mode.
For an ASP.NET MVC 2 application, we are using HttpContext.User.Identity.Name to get the user name for authentication purposes. This works fine when testing. Users who are in the database are able to access areas for which they have permissons, and redirected to a 401 page otherwise. The 401 page displays their username, explaining that this user is not authorized to access this content.
However, in a deployed environment, all attempts to access any portion of the application redirect to the 401 page, and the displayed username is blank!
How can we enable the deployed application to access the username of the request?
From my research, I should go to the following screen and enable Windows Authentication, but it's not in the list!
We had an issue like this to, what we ended up doing was turning off Anonymous Access in IIS. Remember to check the Integrated box at the bottom.. Hope this helps
Ah, if you are using IIS 7, you probably need to install it first! Here's a good overview. FTA:
The default installation of IIS 7 does not include the Windows
authentication role service. To use Windows authentication on IIS, you
must install the role service, disable Anonymous authentication for
your Web site or application, and then enable Windows authentication
for the site or application.
If you're not seeing it as an option, you probably don't have it installed.
(Dictated from my Winodws 7 machine,) Go to your Start menu and type: Turn Windows features on or off.
Next, in the dialog's treeview, go to Internet Information Services - World Wide Web Services - Security and then check the Windows Authentication checkbox.