3

I have developed an application to allow windows authentication and hosted it to the live server. in my local pc i am able to get the username password. but when i am accessing from web (e.g. websso.mydomain.com) it keeps asking credentials even after i entered correct credentials.

<authentication mode="Windows">
</authentication>

<authorization>
  <deny users="?" />
</authorization>
<identity impersonate="true"/>

i have added above tags in web.config, hosting server is windows server 2008 R2. I have tried to get username from 

WindowsIdentity.GetCurrent().Name
Environment.Username
Request.ServerVariables["LOGON_USER"]
Request.ServerVariables["AUTH_USER"]
HttpContext.Current.Request.LogonUserIdentity.Name

Is there any changes which needs to do in IIS or any steps to follow to configure windows authentication.

Installed IIS version is 7.5

Ketan Panchal
  • 230
  • 1
  • 2
  • 9
  • Looks like you have a kerberos authentication problem... What providers are active in the windows authentication properties in ISS? If you are fine with pure NTLM authentication, try to get rid of all other but the NTLM authentication provider of the windows authentication settings in IIS. If you have to use kerberos, then you need to register some SPNs in case the app pool is running under a technical domain account. Also ensure, that the users have at least read access on the web directory – AcidJunkie Apr 08 '14 at 17:51
  • I have used NTLM authentication, and have set at top of order. I wants to know is there any more configuration i need to do? or have to assign access to particular group? – Ketan Panchal Apr 09 '14 at 06:07
  • try to remove all other providers than NTLM and then restart IIS. This could help. Also try to grant Read&Execute to "Authenticated Users" on the directory of the web site. – AcidJunkie Apr 09 '14 at 11:55
  • I did the same as you suggested, i have now added a tag but still same response. – Ketan Panchal Apr 09 '14 at 12:07
  • you should these users on the file system. in order to get it working, try to do the following changes in the web.config:
    ` `     – AcidJunkie Apr 11 '14 at 12:29

4 Answers4

2

I had a similar issue recently, try ensuring that the windows user has read access to the directory on the server.

DLeh
  • 23,806
  • 16
  • 84
  • 128
  • i have given read and execute access to authenticated users.. isbthere any other group whpm i need to give access? – Ketan Panchal Apr 09 '14 at 02:51
  • Is there any group like "Windows users" i did not found any thing like windows users. – Ketan Panchal Apr 09 '14 at 06:08
  • 1
    @kbpanchal There is a group called `MACHINENAME\Users`, and if the machine is in a domain, there should be `DOMAINNAME\Domain Users` group. @DLeh thanks this solved my issue – deherch Jan 04 '16 at 16:06
2

Checkk application pool owner in IIS

It should be network services

user5243764
  • 21
  • 2
  • 3
    Welcome to StackOverflow. Could you give more information on how someone could do this? To make your answer really useful for anyone that might be experiencing this same problem, if you edit your answer to give more detailed steps it would be better. – Aaron D Aug 19 '15 at 14:12
2

websso.mydomain.com looks like internet domain name, not intranet domain name because it has sections. According to https://support.microsoft.com/en-us/help/258063/internet-explorer-may-prompt-you-for-a-password you should use domain name without sections (e.g. http://websso/) or add your domain name to security settings of client browsers

Alex
  • 361
  • 4
  • 5
  • **This worked for me, Thank you!** In my case i was using [NTLM authentication with Tomcat 8 along with Waffle](https://github.com/Waffle/waffle/blob/master/Docs/tomcat/TomcatMixedSingleSignOnAndFormAuthenticatorValve.md). – luiscla27 Jul 04 '19 at 20:16
0

Try updating your <authorization> to include an <allow> element as I have done here.

E.g. 

<system.web>
    <authentication mode="Windows" />
    <authorization>
        <allow users="yourdomain\someotheruser" />
        <deny users="?" />
    </authorization>
Community
  • 1
  • 1
Donal Lafferty
  • 5,807
  • 7
  • 43
  • 60