Re: credentials not going to IIS automatically

From: "David Wang" <w3.4you@xxxxxxxxx>
Date: 14 Nov 2006 12:20:57 -0800

Please give the exact URL that you use to access this web application
when it asks for password.

I suspect it looks like:
http://www.domain.com/WebApp.aspx

In which case your issue is with the browser not auto-authenticating
with the server. Once you configure authentication in IIS, IIS will
ALWAYS ask for credentials from the client. The question is whether the
client provides the credentials without prompting the user, and that
depends on browser configuration. Nothing IIS can do because that would
be a security flaw.

//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

David Thielen wrote:

Hi;

I am having a problem where IIS wants me to log in where IIS is on a Win
2003 server on the same domain as I am on on my workstation.

This is for an ASP.NET 2.0 app (that I am writing) set to use Windows
authentication. When running from VS 2005 using the integrated webserver, the
website knows who I am and I have zero signon.

But when I copy the website to IIS on Win2003 it pops up the dialog box
asking me to sign in. I enter my domain\username and password and then it all
works fine.

Why am I getting prompted for my uname/pw? The server is on the same domain
as is my workstation. Is there something I need to set on IIS so it asks IE
to automatically pass my credentials across?

My web.config is:

<authentication mode="Windows"/>
<identity impersonate="true"/>
<authorization>
<allow roles="windward\Windward Administrators, windward\Windward Users"/>
<deny users="*"/>
</authorization>
<roleManager enabled="true"
defaultProvider="AspNetWindowsTokenRoleProvider" />

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

Follow-Ups:
- Re: credentials not going to IIS automatically
  - From: David Thielen

Prev by Date: Re: FTP maximum password attempts
Next by Date: Re: credentials not going to IIS automatically
Previous by thread: Re: FTP maximum password attempts
Next by thread: Re: credentials not going to IIS automatically
Index(es):
- Date
- Thread

Relevant Pages

Re: Permission Problems SBS2003 R1
... website on the SBS server? ... Default permissions and user rights for IIS 6.0 ... Step 3: Please check the permissions in IIS manager: ... Step 4: Re-running CEICW on SBS server: ...
(microsoft.public.windows.server.sbs)
[NT] Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise
... This patch eliminates a newly discovered vulnerability affecting Internet ... in IIS 4.0 and 5.0, and could likewise be used to overrun heap memory on ... allowing code to be run on the server. ... * Microsoft has long recommended disabling HTR functionality unless there ...
(Securiteam)
Re: IIS 6 fails anonymous connection
... > I have a newly built Windows Server 2003, with IIS 6 installed. ... > NTFS for website folders is set to IUSR RO, ... Integrated authentication, I can view it. ...
(microsoft.public.inetserver.iis.security)
Re: Can I run an Internet web server from a Win2K computer?
... You can deffinately run an internet website from IIS on Windows 2000 Pro., ... Be aware though, that there can be no more than 10 simultaneous connections, but for your homegrown website, I would think that this is not a problem. ... You will have to set up your broadband router to forward incoming HTTP connections on port 80 to the computer hosting the website ... I'm trying to use the web server that comes with Windows 2000 ...
(microsoft.public.win2000.general)
Re: HOW MORE FRUSTRATING CAN THIS GET!!!
... because security is more open by default and the IIS ... If you're deploying your own website you have three ... configure inbound HTTP Server and HTTPS Server packet ... the following Publishing methods employ rules ...
(microsoft.public.isa)