IE prompts for password, even though Forms Authentication is used

From: Charles Forsyth (charles_at_charlesforsyth.com)
Date: 10/09/05

  • Next message: Charles Forsyth: "Re: IE prompts for password, even though Forms Authentication is used" 
    Date: 8 Oct 2005 17:16:46 -0700

    Hi all,

    I have an ASP.Net application that has worked swell on both my
    development environment and production for some time now. Development
    is running on a WinXP Pro box, Production is running on a Win 2000
    Server.

    However, the other day we had to move the application to another
    server. The new server is Windows 2003 box.

    The problem is that when you visit any page that requires forms
    authorization IE will prompt the user to log in to that box. This
    doesn't make sense since I'm not using Windows Authentication, I'm
    using Forms Authentication.

    For the heck of it, I went to IIS and checked. Anonymous authentication
    is enabled, and all other forms are disabled. That includes Windows
    Integrated and Basic.

    Then for the heck of it, I made sure that the local "ASPNET" account
    had full control on every single file and folder on that box. Just in
    case it's some ACL permission issue.

    Still, the browser prompts for logon.

    What is strange is, when you click cancel on the logon prompt, it still
    lets you in and the page runs. But as soon as you try to access another
    page, IE prompts you again to log on.

    One thing though, the app works fine if I VPN in to the network, and
    access it via IP address instead of using the web domain name assigned
    to the app in the DNS.

    This gives me a clue that it could have something to do with our ISA
    server. Or perhaps DNS?

    Has anyone else had this problem? How did you fix it?

  • Next message: Charles Forsyth: "Re: IE prompts for password, even though Forms Authentication is used"

    Relevant Pages

    • Windows prompts for login but using Forms Authentication
      ... development environment and production for some time now. ... Server. ... What is strange is, when you click cancel on the logon prompt, it still ...
      (microsoft.public.dotnet.framework.aspnet)
    • IE prompts for password, even though Forms Authentication is used
      ... development environment and production for some time now. ... doesn't make sense since I'm not using Windows Authentication, ... What is strange is, when you click cancel on the logon prompt, it still ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: How to deny access to domain shares from a workgroup computer
      ... If I take the example of Internet Explorer pass-through authentication: ... the authentication process is identical whether I am prompted and enter credentials, or whether my logged in credentials are passed-through ... It is just an authentication based on username and password; and authentication protocol designed to make it hard to intercept or decipher the authentication in transit; and a convenience mechanism for passing through under certain circumstances without an explicit prompt. ... By adding a prefix he is really saying "this version rather than that version of my account". ...
      (microsoft.public.windows.server.security)
    • Re: How to deny access to domain shares from a workgroup computer
      ... It makes sense to me, now that you clearly state it, that there is no need to trust the machine where the authentication is coming from. ... If he truly knew nothing about the domain, it is somewhat unlikely for him to have a local account whose name matches that of a domain account, although this is possible. ... user name and password sufficient credentials, ... It is just an authentication based on username and password; and authentication protocol designed to make it hard to intercept or decipher the authentication in transit; and a convenience mechanism for passing through under certain circumstances without an explicit prompt. ...
      (microsoft.public.windows.server.security)
    • Re: How to deny access to domain shares from a workgroup computer
      ... sufficient credentials, then it's fine. ... There isn't really any level of trust involved. ... If I take the example of Internet Explorer pass-through authentication: ... I think what you are describing is some changes in Prompt behaviour. ...
      (microsoft.public.windows.server.security)