Internet Explorer prompting for username and password for AD Users.

Question

0.00/5 (No votes)

See more:

, +

Hi,

I have an asp .net application. It has been installed at many of our client's server under a domain and is working successfully with single sign on.

A new client is added to our list where i got stuck with the Active Directory SSO issue. I have checked the settings in IIS for the authentication part. It is set for Windows Authentication only.

The application is working on the server when run as localhost and takes the user inside the application without prompting the user for username and password. but if the same user logs in on some other pc in same network which is connected to the same domain he is prompted for username and password.

The client is so strict on security part that he is not ready to even show us the security tab of internet explorer to check if the "Automatically logon with current user name and password" is enabled or not. They have a global group policy across their organisation.

According to them, they have many other web based applications which work with single sign on having the same policy.

My question is. Is it possible to bypass the credential prompt without having "Automatically logon with current user name and password" enabled in internet explorer security settings?

The client is not ready to show or change its policy unless i can show them some kind of server log or some evidence which can proove my side.

Please help me to come out of this.

Posted 5-Sep-14 3:43am

Surendra1978

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard Deeming · Answer 1 · 2014-09-05T06:07:00

Solution 1

No, you can't bypass the credential prompt if they've disabled automatic logon, or disabled the Local Intranet zone.

If they're not prepared to work with you to resolve the issue, then they'll either have to live with the credential prompt, or solve the issue themselves. :)

Posted 5-Sep-14 6:07am

Richard Deeming

Comments

Surendra1978 10-Sep-14 1:07am

Thank you Mr. Richard,

Today i got a reply from them detailing about the IE settings. It is set as:

Local Intranet --> 0x20000 --> Automatic logon only on inte intranet zone
Trusted Sites --> 0x20000 --> Automatic logon only on inte intranet zone
Internet --> 0x20000 --> Automatic logon only on inte intranet zone
Restricted Sites --> 0x10000 --> Prompt for user name and password

Now, what may be the problem area where i need to focus. Is it the Restricted Sites zone?

Richard Deeming 10-Sep-14 7:32am

They'll need to check what zone your site is in, and add it to the Local Intranet zone if necessary.

There are several reasons why your site might not automatically be in the local intranet zone:

* If the host name you use to access the site contains a ".", then it won't be treated as an intranet site;
* The zone might be disabled - typically, if your computer isn't joined to a domain;
* The "automatically detect intranet network" setting might be turned off;

Eric Law has a blog post which goes into more detail: http://blogs.msdn.com/b/ieinternals/archive/2012/06/05/the-local-intranet-security-zone.aspx[^]