?
Solved

IIS Prompt for UserName and password when I access intranet site

Posted on 2006-04-13
21
Medium Priority
?
2,257 Views
Last Modified: 2012-05-05
I'm using IIS server 6.0 and ASP.net 2.0.  The source code was written in Microsoft Visual Studio 2005 in VB.Net. I'm trying setup new intranet site and was written in VB.net code to access the login username thru ADSystemInfo object.  I got the error message: "No mapping between account names and security IDs was done."  on ADSystemInfo object function called .userName.

Here's the source code:
Dim objSysInfo As Object
Dim strUserName As String

objSysInfo = CreateObject("ADSystemInfo")
strUserName = objSysInfo.UserName

I did some test on Visual Studio Windows application by using objSystInfo.UserName, it works fine. I didn't get error message.  But on Web application,  when I called objSysInfo.DomainDNSName, it works fine and return my DNS name and SiteName, but when called the function objSysInfo.ComputerName, I got the error message: Access is Denied. I think it has to do security settings on my local pc.

Here's the source code:
 objSysInfo = CreateObject("ADSystemInfo")
 strUserName = objSysInfo.UserName

strUserName = objSysInfo.DomainDNSName
 strUserName = objSysInfo.SiteName
 strUserName = objSysInfo.ComputerName

After searching thru the help, I reset the IIS server sittings to Anonymous Access, checked Integrated Windows authentication and Digest authentication for Windows domain server. I restart IIS server and reboot the server, it still prompt for UserName and Password.

As soon as I take out the function on objSysInfo.UserName, my web server never prompt for username and password again. So I know it definitely problem with my ADSystemInfo (ActiveDS.dll) object and IIS server. Can someone help me on this?

Thanks advance for your help.
Annie
0
Comment
Question by:achen30
  • 8
  • 6
  • 6
20 Comments
 
LVL 10

Expert Comment

by:aki4u
ID: 16447942
in web.config add:

<identity impersonate="true" />
0
 
LVL 10

Expert Comment

by:aki4u
ID: 16447952
in iis, check only Windows Authentication
0
 

Author Comment

by:achen30
ID: 16448006
set <identity impersonate="true" /> was there already, I uncheck the Digest authenitication, left with Windows Authentication, I restart IIS server by using Net Stop IISAdmin /y, but I didn't reboot the server. I got the same error message.

Any other suggestions?

Thanks,
Annie
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 33

Expert Comment

by:raterus
ID: 16448016
Any reason you need to use ActiveDS (A COM component) and not System.DirectoryServices.ActiveDirectory?

Also, there are much easier ways to get at some of the properties you're interested in, rather than resorting to ActiveDS or even DirectoryServices for that matter, for example to get the username, you'd use
User.Identity.Name

You do have to remove anonymous access from your website to get the true username.
0
 
LVL 10

Expert Comment

by:aki4u
ID: 16448073
sorry...if you are running locally then check Integrated Windows authentication and Digest authentication for Windows domain server.

Make sure Realm is populated.
0
 

Author Comment

by:achen30
ID: 16448107
I think I'm going to rewrite my code using System.DirectoryServices.ActiveDirectory, since ActiveDS (COM component) cause more security problem.  Do you have any examples on that?

Thanks,
Annie
0
 
LVL 33

Expert Comment

by:raterus
ID: 16448130
Depends really on what you want to do, I've not use System.DirectoryServices.ActiveDirectory much yet, so I probably won't be much help there, but there is a lot of activedirectory info available when you use windows authentication without using System.DirectoryServices at all.
0
 

Author Comment

by:achen30
ID: 16448187
Ok, maybe you can help me what is the best way to do this.  What I want to do is to find out who login on their desktop. For example, when user's log to their desktop with username and password (we only have one AD domain), when they click on my intranet, I don't have to prompt them to login again.

Thanks,
Annie
0
 
LVL 33

Expert Comment

by:raterus
ID: 16448208
In that case, you should do what aki4u has been saying, which is to disable anonymous access and enable Integrated Windows Authentication on IIS.  I'd leave Digest Authentication off if this is an intranet site.
0
 
LVL 10

Expert Comment

by:aki4u
ID: 16448219
why do you need to use ActiveDirectory? You can set up users and roles/groups in web.config....

<authentication mode="Windows" />
<identity impersonate="true" />
    <authorization>
         <allow roles="domain\ADgroupname, domain\ADgroupname"/>
         <deny users="*"/>
        <!--  <allow users="*" />Allow all users -->
            <!--  <allow     users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
                  <deny      users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
            -->
    </authorization>
0
 

Author Comment

by:achen30
ID: 16448276
Sorry I might miss lead the question.  I use the ActiveDirectory is to find out the username.  So I can automatically personalized the intranet page based on who logs in.  Is that make sense to you?  What's best way to get username from the desktop?
0
 
LVL 10

Expert Comment

by:aki4u
ID: 16448313
like raterus mentioned, you can get domainname\username with User.Identity.Name or Request.ServerVariables["AUTH_USER"]
0
 

Author Comment

by:achen30
ID: 16448642
I tried to use Request.ServerVariables("AUTH_USER") and Request.ServerVariables("LOGON_USER"), it returned username that server was logon to, not the client who login to the website.  Let me trying to explain it again.  I want to find out the user name from client pc that is accessing to my instranet site.  The request.ServerVariable returns the username who was login to the server, which is always administrator in my case.

any inputs?
0
 
LVL 33

Expert Comment

by:raterus
ID: 16448684
You must still have anonymous access on, when it is you will get this user, as the client user doesn't need to provide their credentials to the webbrowser.
0
 

Author Comment

by:achen30
ID: 16448809
I got it working. I didn't stop and restart IIS server. Thank you very much.
0
 
LVL 33

Expert Comment

by:raterus
ID: 16448868
somehow I think I got the short end of the stick on this one! :-)
0
 
LVL 10

Assisted Solution

by:aki4u
aki4u earned 800 total points
ID: 16448945
I agree
0
 

Author Comment

by:achen30
ID: 16449002
Did I do something wrong? sorry, I new a member in expert-exchange, I don't know how things work, please correct me if I did.
0
 
LVL 33

Accepted Solution

by:
raterus earned 1200 total points
ID: 16449043
Here's some help files on Closing Questions,
http://www.experts-exchange.com/help.jsp#hs5

Specifically, "More than one Expert helped solve my problem. What do I do?"
http://www.experts-exchange.com/help.jsp#hi69
0
 

Author Comment

by:achen30
ID: 16449062
I'm sorry raterus.  How can I go back and change it?
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the pain points with developing AJAX, JavaScript, JQuery, and other client-side behaviors is that JavaScript doesn’t allow for cross domain request for pulling content. For example, JavaScript code on www.johnchapman.name could not pull conte…
A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question