0

I am in the deployment phase of two separate asp.net 4.5 web applications being put onto a server running asp.net 4.6. We use a mixture of windows 7 and windows 10. All computers are on the same domain and the server is running IIS 8.5. This intranet application is supposed to use windows authentication to either send a user with invalid credentials to a web page with an error message or give the person access to the site. The problem is that some users are getting prompted to login regardless of security group that they belong to.

I have added the domain to the company wide whitelist and set internet explorer to use automatic windows authentication on intranet websites. We have tried moving the site to a non-shared folder. We finally tried converting both of the web applications to a web site project and the security worked just fine. However, we don't want to use web site projects anymore and find this to be a temporary solution.

I have made certain that authentication has been set to windows. When checking the IIS logs, I see the error codes 401 0 0 15 and 401 2 5 0. Maybe there is some other setting that we are overlooking when deploying? Any help would be greatly appreciated.

Nick
  • 1
  • 2
  • this post helped me a lot: https://stackoverflow.com/questions/5402381/receiving-login-prompt-using-integrated-windows-authentication?rq=1 In my case I just needed to move "NTLM" up the security providers list. – pcalkins Aug 06 '19 at 20:40
  • Generally speaking, you have 'authentication' (are you who you say you are / who are you?) and 'authorization' (are you allowed to view / do the thing you are trying to?). see: https://stackoverflow.com/questions/6556522/authentication-versus-authorization In IIS, Windows authentication will handle the authentication part. What are you doing about authorization? You say 'regardless of security group they belong to'. Why does this matter? How are you handling membership in different groups? – Jonathan Aug 06 '19 at 20:56

1 Answers1

0



For your application to log in with your network's active directory, you need to configure windows authentication twice, the first one is from your application (Visual Studio) and the second one is in the IIS and you must convert the folder into an application and use the framework version correctly. 

Visual Studio:
<system.web>
     <authentication mode = "Windows" />
</system.web>

IIS: Convert the folder to application by right clicking and "Convert to application", then select the application and go to the "Authentication" tab disable "Anonymous authentication" and enable "Windows authentication"

Greetings from Mexico.

Ransomware0
  • 427
  • 3
  • 10
  • 1
    So when converting to an application do all the files need to be in there @Ransomware0? I read somewhere online that when you build it in Visual Studio you just need to move the bin folder. Up to this point we have been putting all of the files into one folder... – Nick Aug 07 '19 at 13:02
  • So we tried it with both web applications and one worked and the other didn't. (we also couldn't find the "convert to application" item on right click). So we ended up creating an application group then adding the files to it. – Nick Aug 07 '19 at 14:26
  • Please add a capture of your procedure. – Ransomware0 Aug 07 '19 at 15:58