IIS 7 and Above
Windows Authentication work on IIS 10, not in 8.5
Last post Nov 07, 2019 08:33 AM by Florian M
Nov 06, 2019 02:30 PM|Florian M|LINK
I develop an ASP.NET WebSite with Windows Authentication. My development steps works fine but when I publish it on server my web site prompt user/password. After this popup all work fine but we want try to have a transparent connection.
Web.config extract<?xml version="1.0" encoding="utf-8"?><configuration> <system.web> <compilation debug="true" targetFramework="4.5" /> <httpRuntime targetFramework="4.5" /> <authentication mode="Windows" /> </system.web></configuration>
Development EnvironmentWindows 10Visual Studio 2017ASP.NET WebSite.NET Framework 4.5IIS 10.0.17134.1
IIS 10 configuration (development)Only "Windows Authentication" Authentication is Enabled - Providers : Negociate - Extended Protection Off - Enable Kernel-mode authentication checkedApplication Pool in .NET CLR 4.0.30319 - pipeline : integrated - Identity : ApplicationPoolIdentity
Server EnvironmentWindows Server 2012 R2 StandardIIS 8.5.9600.16384
IIS 8.5 configuration (server)Only "Windows Authentication" Authentication is Enabled- Providers : Negociate- Extended Protection Off- Enable Kernel-mode authentication checkedApplication Pool in .NET CLR 4.0.30319- pipeline : integrated- Identity : ApplicationPoolIdentity
Server FileSystemOn WebSite folder, try I Add "Read & Execute - List folder contents - Read" right on Security panel for- server_name\IIS_IUSRS- domain_name\test_user_loginbut change nothing
I make some test with logs enable on IIS and I have this
#Fields: date time cs-method cs-uri-query cs-username c-ip AUTH_TYPE
2019-11-06 11:07:48 GET - domain_name\test_user_login xxx.yyy.120.177 Negotiate
2019-11-06 11:07:53 GET - - xxx.yyy.120.177 -
First line when I write my account information in popup, second when I cancel popup.
Please can you help me to fix Windows Authentication on IIS 8.5?
Nov 06, 2019 02:50 PM|lextm|LINK
That's a browser side setting, so per browser type you need specific configuration. For IE/Chrome on Windows you might follow
For other browsers/OSs you need to check their documentation.
Nov 06, 2019 03:18 PM|Florian M|LINK
Thanks for your reply.
We use Chrome 78 (up-to-date).
One difference : use http://localhost in developement (don't have ".com" or other) and dns address for server (with ".com")
I add a "127.0.0.1 my-website.com" in hosts file and now I have same prompt with local and server call.
I add a "server-ip myWebSite" in hosts file and now all work fine!
I check all part of your link (I just need add my web site address in : Internet Options/Security/Local Intranet/Advanced)
But I still have prompt (test on IE 11 and Chrome 78)
http://localhost (OK) right clic - properties ==> Zone : Local intranet | Protected Mode: Off
http://my-website.com (have prompt - KO) right clic - properties ==> Zone : Local intranet | Protected Mode: Off
Nov 07, 2019 07:26 AM|Yuk Ding|LINK
Hi Florian M,
If you want to achieve transparent windows authentication for both IE and chrome, you have to make IE consider your website as intranet.
I agree that this is a client side behavior. So you have to make sure web browser has considered your website as an local intranet.
You need to specify that in IE local intranet list or let IE auto detect it.
When you test in in IIS 10, It match the rule to consider your website as intranet automatically.
However, IIS 8.5 Server is in a different network environment and IE consider your website as a internet website instead of intranet.
So you have to specify that in local intranet list or specify proxy to bypass the website.
Nov 07, 2019 08:33 AM|Florian M|LINK
Hi Yuk Ding,
Yes I saw this parts and apply it but nothing change :\