windows authenticationRSS

1 reply

Last post Nov 29, 2019 09:35 AM by Yuk Ding

  • windows authentication

    Nov 27, 2019 07:10 PM|Hassan.m|LINK

    I have a .NET 6 application (asp mvc) running under IIS 10 on Windows 2016 server and cannot get integrated windows authentication working properly as I continue to get prompted for a login. I have set Windows Authentication to enabled in IIS with all other security types disabled and my application web.config file authentication/authorization is set up as:

    <system.web>
    <authenticationmode="Windows"/>
    <authorization>
    <deny users = "?" />
    </authorization>
    </system.web>
    With this setup, I'm expecting behind the scene verification of the Windows user to allow access and deny anonymous users. However, what I'm getting is a Windows login pop-up when I try to access the site.

    I really appreciate any help anyone can provide so that I'm still using only windows authentication but don't get the pop-up and the windows authentication is performed against the actual Windows user.

  • Re: windows authentication

    Nov 29, 2019 09:35 AM|Yuk Ding|LINK

    Hi Hassan.m,

    If you are accessing your website via IP address or localhost, then IIS would probably use NTLM authentication. If it keep falling, please try to Enable DisableLoopBack

    1.Navigate to registry : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

    2.Click on Lsa Registry and add DisableLoopbackCheck registry key as DWORD value.

    3.Then double-click the key and Enter 1.

    If you are accessing your website via domain name. 

    For example if your server's AD is a.com and your site's public domain is www.b.com. Then your website will use Kerberos authentication instead of NTLM you have to register www.b.com as SPN for your AD domain user.

    https://blogs.msdn.microsoft.com/webtopics/2009/01/19/service-principal-name-spn-checklist-for-kerberos-authentication-with-iis-7-07-5/

    Best Regards,

    Jokies Ding

    Yuk Ding

    MSDN Community Support
    Please remember to "Mark as Answer" the responses that resolved your issue.