• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2267
  • Last Modified:

IIS Prompt for UserName and password when I access intranet site

I'm using IIS server 6.0 and ASP.net 2.0.  The source code was written in Microsoft Visual Studio 2005 in VB.Net. I'm trying setup new intranet site and was written in VB.net code to access the login username thru ADSystemInfo object.  I got the error message: "No mapping between account names and security IDs was done."  on ADSystemInfo object function called .userName.

Here's the source code:
Dim objSysInfo As Object
Dim strUserName As String

objSysInfo = CreateObject("ADSystemInfo")
strUserName = objSysInfo.UserName

I did some test on Visual Studio Windows application by using objSystInfo.UserName, it works fine. I didn't get error message.  But on Web application,  when I called objSysInfo.DomainDNSName, it works fine and return my DNS name and SiteName, but when called the function objSysInfo.ComputerName, I got the error message: Access is Denied. I think it has to do security settings on my local pc.

Here's the source code:
 objSysInfo = CreateObject("ADSystemInfo")
 strUserName = objSysInfo.UserName

strUserName = objSysInfo.DomainDNSName
 strUserName = objSysInfo.SiteName
 strUserName = objSysInfo.ComputerName

After searching thru the help, I reset the IIS server sittings to Anonymous Access, checked Integrated Windows authentication and Digest authentication for Windows domain server. I restart IIS server and reboot the server, it still prompt for UserName and Password.

As soon as I take out the function on objSysInfo.UserName, my web server never prompt for username and password again. So I know it definitely problem with my ADSystemInfo (ActiveDS.dll) object and IIS server. Can someone help me on this?

Thanks advance for your help.
Annie
0
achen30
Asked:
achen30
  • 8
  • 6
  • 6
2 Solutions
 
aki4uCommented:
in web.config add:

<identity impersonate="true" />
0
 
aki4uCommented:
in iis, check only Windows Authentication
0
 
achen30Author Commented:
set <identity impersonate="true" /> was there already, I uncheck the Digest authenitication, left with Windows Authentication, I restart IIS server by using Net Stop IISAdmin /y, but I didn't reboot the server. I got the same error message.

Any other suggestions?

Thanks,
Annie
0
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

 
raterusCommented:
Any reason you need to use ActiveDS (A COM component) and not System.DirectoryServices.ActiveDirectory?

Also, there are much easier ways to get at some of the properties you're interested in, rather than resorting to ActiveDS or even DirectoryServices for that matter, for example to get the username, you'd use
User.Identity.Name

You do have to remove anonymous access from your website to get the true username.
0
 
aki4uCommented:
sorry...if you are running locally then check Integrated Windows authentication and Digest authentication for Windows domain server.

Make sure Realm is populated.
0
 
achen30Author Commented:
I think I'm going to rewrite my code using System.DirectoryServices.ActiveDirectory, since ActiveDS (COM component) cause more security problem.  Do you have any examples on that?

Thanks,
Annie
0
 
raterusCommented:
Depends really on what you want to do, I've not use System.DirectoryServices.ActiveDirectory much yet, so I probably won't be much help there, but there is a lot of activedirectory info available when you use windows authentication without using System.DirectoryServices at all.
0
 
achen30Author Commented:
Ok, maybe you can help me what is the best way to do this.  What I want to do is to find out who login on their desktop. For example, when user's log to their desktop with username and password (we only have one AD domain), when they click on my intranet, I don't have to prompt them to login again.

Thanks,
Annie
0
 
raterusCommented:
In that case, you should do what aki4u has been saying, which is to disable anonymous access and enable Integrated Windows Authentication on IIS.  I'd leave Digest Authentication off if this is an intranet site.
0
 
aki4uCommented:
why do you need to use ActiveDirectory? You can set up users and roles/groups in web.config....

<authentication mode="Windows" />
<identity impersonate="true" />
    <authorization>
         <allow roles="domain\ADgroupname, domain\ADgroupname"/>
         <deny users="*"/>
        <!--  <allow users="*" />Allow all users -->
            <!--  <allow     users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
                  <deny      users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
            -->
    </authorization>
0
 
achen30Author Commented:
Sorry I might miss lead the question.  I use the ActiveDirectory is to find out the username.  So I can automatically personalized the intranet page based on who logs in.  Is that make sense to you?  What's best way to get username from the desktop?
0
 
aki4uCommented:
like raterus mentioned, you can get domainname\username with User.Identity.Name or Request.ServerVariables["AUTH_USER"]
0
 
achen30Author Commented:
I tried to use Request.ServerVariables("AUTH_USER") and Request.ServerVariables("LOGON_USER"), it returned username that server was logon to, not the client who login to the website.  Let me trying to explain it again.  I want to find out the user name from client pc that is accessing to my instranet site.  The request.ServerVariable returns the username who was login to the server, which is always administrator in my case.

any inputs?
0
 
raterusCommented:
You must still have anonymous access on, when it is you will get this user, as the client user doesn't need to provide their credentials to the webbrowser.
0
 
achen30Author Commented:
I got it working. I didn't stop and restart IIS server. Thank you very much.
0
 
raterusCommented:
somehow I think I got the short end of the stick on this one! :-)
0
 
aki4uCommented:
I agree
0
 
achen30Author Commented:
Did I do something wrong? sorry, I new a member in expert-exchange, I don't know how things work, please correct me if I did.
0
 
raterusCommented:
Here's some help files on Closing Questions,
http://www.experts-exchange.com/help.jsp#hs5

Specifically, "More than one Expert helped solve my problem. What do I do?"
http://www.experts-exchange.com/help.jsp#hi69
0
 
achen30Author Commented:
I'm sorry raterus.  How can I go back and change it?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

  • 8
  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now