1

IIS 8.5 web server hosting a web application with its Site enabled for Windows authentication (Providers: Negotiate, NTLM), the web server is joined to corporate domain let's say domain.dom. The web application hosted on this web server is reachable by the URL let's say https://hostname.lab.local and it is in the corporate Intranet. Users's laptop (Windows S.O.) that need to access this page are also joined to domain.dom. I would like automatic access against the web page for these users. I was able to reach this with Firefox browser by setting these two parameters:

 network.automatic-ntlm-auth.trusted-uris=https://hostname.lab.local
 network.negotiate-auth.trusted-uris=https://hostname.lab.local

with Firefox, domain users, can login without providing any credential. Now the issue comes with Chrome (ver 70.0.3538.67), the web site still prompt for user and password. Anyway if the domain user enters its credential manually, the job is done. I followed lot of forums so i tried these configuration under Internet Settings, Chrome settings and so on, here some examples:

1) Added the URL https://hostname.lab.local under "Chrome > Settings > Advanced > Open Proxy Settings > Security (tab) > Local Intranet > Sites (button) > Advanced" and
2) tried editing the type of user authentication under Local Intranet>Custom Level with "automatic access in the Intranet area only" then "automatic access with current username and password"
3) I tried to do the same under Trusted Site   
4) IWS is also enabled under Advanced>Security

These settings are well explained and shown at this link (i know that it's 7 years ago): How to enable Auto Logon User Authentication for Google Chrome.

But with no luck. I also tried launching Chrome with options (no luck):

Chrome.exe -auth-server-whitelist="hostname.lab.local" -auth-negotiate-delegatewhitelist="hostname.lab.local" -auth-schemes="digest,ntlm,negotiate"

Finally i tried with "Chrome policy templates" following these steps, again well explained in the previous provided link (this is a copy\paste):

1. Download and unzip the latest Chrome policy templates
2. Start > Run > gpedit.msc
3. Navigate to Local Computer Policy > Computer Configuration >   
   Administrative Templates
4. Right-click Administrative Templates, and select Add/Remove Templates
5. Add the windows\adm\en-US\chrome.adm template via the dialog
6. In Computer Configuration > Administrative Templates > Classic 
   Administrative Templates > Google > Google Chrome > Policies for HTTP
   Authentication enable and configure Authentication server whitelist
   (hostname.lab.local added in the whitelist)                                                                       
7. Restart Chrome and navigate to chrome://policy to view active policies

Anyway when i go to chrome://policy i cannot see the Chrome policy just created, even if i can see it under Local Computer Policy, strange isn't it? All these configuration was performed under a domain joined laptop. Would be great if someone can help me.

Marco_81
  • 153
  • 1
  • 5
  • 20
  • After updating Chrome to version 70.0.3538.67. I am experiencing the same issue in that it now prompts for user and password authentication. In my previous version of Chrome, version 69.0.3497.100, the behaviour was as expected in that authenticated domain users credentials would automatically get passed without the user being prompted. – Steven Schroeder Oct 19 '18 at 23:16
  • Can you try these settings? > Local Intranet (User Auth: automatic access only in the Intranet area), Trusted Sites (add the URL https://yoursite.com in Advanced button, User Auth: automatic access only in the Intranet area) plus this: Internet Properties>Connections>LAN Settings>do not flag "Automatically detects settings" nor the other options. With these settings i'm able to perform auto-login with the Chrome v.70 – Marco_81 Oct 22 '18 at 13:12

0 Answers0