Click here to Skip to main content
14,429,362 members
Rate this:
Please Sign up or sign in to vote.
See more:
I have a scenario in my application like, need to fetch the current system login userName and check the username with other details. if valid username then need to allow the form to redirect to other page. For that i have used the code to fetch the current login username as :

string userName = HttpContext.Current.User.Identity.Name;


As i am using the current system user details, i went for "windows Authentication mode" and wrote the following code in web.cofig file

<system.web>
    <customErrors mode="Off"/>
    <compilation debug="true" targetFramework="4.0"/>
    <authentication mode="Windows">
    </authentication>
    <identity impersonate="true"/>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>


The whole thing is working fine in my local system. But after publishing the application in IIS and open in web browser it is asking for the username and password credentials with one prompt dialogue. After passsing the current system username and password only it is going to application main page other wise it is showing the error like

"HTTP Error 401.1 - Unauthorized You do not have permission to view this directory or page using the credentials that you supplied."

By goggling for answer i have made some changes like: In IIS, after going to Application i have adjusted the following setting : For authentication : i disabled the "Anonymous and Impersonation" authentication and only enabled the "Windows authentication"

And in windows authentication ,i go for "providers" and Moved the "NTLM" to upper.

what may be the reason for this, How to disable the popup that is asking for the username and password.

Thanks
Posted
Updated 30-Jul-14 1:57am
v3

1 solution

Rate this:
Please Sign up or sign in to vote.

Solution 1

Internet Explorer will only use the current system credentials to log in to Windows Authenticated sites which are in the Local Intranet zone. Add your site to that zone, and you should get the same behaviour as your local copy.

http://www.sevenforums.com/tutorials/144766-internet-explorer-security-zones-add-remove-sites.html[^]

Other browsers will still prompt for a username and password.

EDIT: It turns out other browsers can log in automatically, but it's not immediately obvious.

Firefox


Mozilla currently supports a whitelist of sites that are permitted to engage in SPNEGO authentication with the browser. This list is intended to be configured by an IT department prior to distributing Mozilla to end-users.

The preferences are:
pref("network.negotiate-auth.trusted-uris", site-list);
pref("network.negotiate-auth.delegation-uris", site-list);
pref("network.automatic-ntlm-auth.trusted-uris", site-list);

where, site-list is a comma-separated list of URL prefixes or domains of the form:
site-list = "mydomain.com, https://myotherdomain.com"




This add-on makes it easier to manage this list, allowing you to stick with Firefox but still use pass-through authentication like Windows/NTLM or Kerberos.


http://www.liquidstate.net/blog/technology/enabling-ntlm-authentication-single-sign-on-in-firefox/[^]

Chrome


Chrome doesn't have separate page for specifying intranet URL for NTLM auto login. It takes its URLs for auto login from Internet Explorer's "Local Intranet" sites list.
   
v2
Comments
V G S Naidu A 30-Jul-14 0:51am
   
so can't we implement the windows authentication in other browsers without asking username and password ?
Richard Deeming 30-Jul-14 6:46am
   
It turns out you can, but it's not obvious. I'll update the answer with the details.
V G S Naidu A 30-Jul-14 11:45am
   
thanks for your valuable solution, but we are deploying the application in client location,In which we could not assign those setting to every system in local network. Here my questions are (1) Is windows authentication is mandatory to work with asp.net website in local network (2) is windows authentication mode is required to get the login Name and current domain of the system. But when i use the Forms authentication, the above code to get the current system login name returns null, it is only working with windows login. What is the reason. thanks
Richard Deeming 30-Jul-14 12:54pm
   
1. No, Windows Authentication is not required. You could use any supported authentication scheme, or even turn off authentication all together. However, this would leave you unable to restrict access to the application based on the user account.

2. To automatically get the username and domain name from the browser without the user re-typing them, you must use Windows Authentication, the site must be in the user's "Local Intranet" zone (or Firefox's trusted URIs list), and the web server must be in the same AD domain as the user.

For security reasons, browsers do not send your username and domain name to sites which aren't using Windows Authentication, or which aren't in the Local Intranet zone. If you are unable to add your site to the Local Intranet zone, then you'll either have to turn off authentication, or the users will have to re-type their username and password.
V G S Naidu A 2-Aug-14 2:01am
   
ok thanks for the valuable information. In my application two types of logins one is user section, i.e he can directly go default page and access them,if his user name is listed in Database table otherwise he can't browse the application,

Another one is Admin Section in this section he will access more setting pages then user.
In this scenario, with out any authentication i could not handle the application, that's why i am going to either "Forms authentication " or "Windows authentication".
From the above comments, what i have understood is, if i go through "Forms authentication" the browser must and surely asking for the credential. so we didn't have any alternative over come this with "forms authentication".
To overcome this situation, i must and surely have to use "Windows authentication" am i right? (presenlty what i am doing).
But unfortunately ,it is also asking for username and password even though i published the application in my local iis in my own system.
From your point 2, it should be in same Active directory domain,here sure i am Same AD,because i hosted the application in my local iis only.
you said site must be in "Local intranet" zone, Is there any way that local IIS can be recognized as "non local intranet" zone?.

Thanks once again,surely your points makes me to move forward.
Richard Deeming 4-Aug-14 7:48am
   
There are several reasons why your site might not automatically be in the local intranet zone:

* If the host name you use to access the site contains a ".", then it won't be treated as an intranet site;
* The zone might be disabled - typically, if your computer isn't joined to a domain;
* The "automatically detect intranet network" setting might be turned off;

Eric Law has a blog post which goes into more detail: http://blogs.msdn.com/b/ieinternals/archive/2012/06/05/the-local-intranet-security-zone.aspx[^]
V G S Naidu A 18-Aug-14 10:48am
   
Thank you very much for your explanation.
V G S Naidu A 18-Aug-14 10:51am
   
I have another doubt, as i mentioned before, my application working with windows based authentication ,i am using the Oracle database and i need to implement the role based authorization, how could i achieve this , i think membership could not work with oracle and Windows authentication.. can you give me any idea. thanks
Richard Deeming 18-Aug-14 13:19pm
   
Oracle provide a range of ASP.NET providers[^], including a role provider.

ASP.NET role providers operate entirely independently from the authentication and membership systems. You just need to ensure that the usernames in your role provider match the usernames provided from the authentication system - with Windows authentication, they will probably be prefixed with the Windows domain-name.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100