IIS Prompt for UserName and password when I access intranet site

I'm using IIS server 6.0 and ASP.net 2.0.  The source code was written in Microsoft Visual Studio 2005 in VB.Net. I'm trying setup new intranet site and was written in VB.net code to access the login username thru ADSystemInfo object.  I got the error message: "No mapping between account names and security IDs was done."  on ADSystemInfo object function called .userName.

Here's the source code:
Dim objSysInfo As Object
Dim strUserName As String

objSysInfo = CreateObject("ADSystemInfo")
strUserName = objSysInfo.UserName

I did some test on Visual Studio Windows application by using objSystInfo.UserName, it works fine. I didn't get error message.  But on Web application,  when I called objSysInfo.DomainDNSName, it works fine and return my DNS name and SiteName, but when called the function objSysInfo.ComputerName, I got the error message: Access is Denied. I think it has to do security settings on my local pc.

Here's the source code:
 objSysInfo = CreateObject("ADSystemInfo")
 strUserName = objSysInfo.UserName

strUserName = objSysInfo.DomainDNSName
 strUserName = objSysInfo.SiteName
 strUserName = objSysInfo.ComputerName

After searching thru the help, I reset the IIS server sittings to Anonymous Access, checked Integrated Windows authentication and Digest authentication for Windows domain server. I restart IIS server and reboot the server, it still prompt for UserName and Password.

As soon as I take out the function on objSysInfo.UserName, my web server never prompt for username and password again. So I know it definitely problem with my ADSystemInfo (ActiveDS.dll) object and IIS server. Can someone help me on this?

Thanks advance for your help.
Annie
achen30Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

aki4uCommented:
in web.config add:

<identity impersonate="true" />
aki4uCommented:
in iis, check only Windows Authentication
achen30Author Commented:
set <identity impersonate="true" /> was there already, I uncheck the Digest authenitication, left with Windows Authentication, I restart IIS server by using Net Stop IISAdmin /y, but I didn't reboot the server. I got the same error message.

Any other suggestions?

Thanks,
Annie
Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

raterusCommented:
Any reason you need to use ActiveDS (A COM component) and not System.DirectoryServices.ActiveDirectory?

Also, there are much easier ways to get at some of the properties you're interested in, rather than resorting to ActiveDS or even DirectoryServices for that matter, for example to get the username, you'd use
User.Identity.Name

You do have to remove anonymous access from your website to get the true username.
aki4uCommented:
sorry...if you are running locally then check Integrated Windows authentication and Digest authentication for Windows domain server.

Make sure Realm is populated.
achen30Author Commented:
I think I'm going to rewrite my code using System.DirectoryServices.ActiveDirectory, since ActiveDS (COM component) cause more security problem.  Do you have any examples on that?

Thanks,
Annie
raterusCommented:
Depends really on what you want to do, I've not use System.DirectoryServices.ActiveDirectory much yet, so I probably won't be much help there, but there is a lot of activedirectory info available when you use windows authentication without using System.DirectoryServices at all.
achen30Author Commented:
Ok, maybe you can help me what is the best way to do this.  What I want to do is to find out who login on their desktop. For example, when user's log to their desktop with username and password (we only have one AD domain), when they click on my intranet, I don't have to prompt them to login again.

Thanks,
Annie
raterusCommented:
In that case, you should do what aki4u has been saying, which is to disable anonymous access and enable Integrated Windows Authentication on IIS.  I'd leave Digest Authentication off if this is an intranet site.
aki4uCommented:
why do you need to use ActiveDirectory? You can set up users and roles/groups in web.config....

<authentication mode="Windows" />
<identity impersonate="true" />
    <authorization>
         <allow roles="domain\ADgroupname, domain\ADgroupname"/>
         <deny users="*"/>
        <!--  <allow users="*" />Allow all users -->
            <!--  <allow     users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
                  <deny      users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
            -->
    </authorization>
achen30Author Commented:
Sorry I might miss lead the question.  I use the ActiveDirectory is to find out the username.  So I can automatically personalized the intranet page based on who logs in.  Is that make sense to you?  What's best way to get username from the desktop?
aki4uCommented:
like raterus mentioned, you can get domainname\username with User.Identity.Name or Request.ServerVariables["AUTH_USER"]
achen30Author Commented:
I tried to use Request.ServerVariables("AUTH_USER") and Request.ServerVariables("LOGON_USER"), it returned username that server was logon to, not the client who login to the website.  Let me trying to explain it again.  I want to find out the user name from client pc that is accessing to my instranet site.  The request.ServerVariable returns the username who was login to the server, which is always administrator in my case.

any inputs?
raterusCommented:
You must still have anonymous access on, when it is you will get this user, as the client user doesn't need to provide their credentials to the webbrowser.
achen30Author Commented:
I got it working. I didn't stop and restart IIS server. Thank you very much.
raterusCommented:
somehow I think I got the short end of the stick on this one! :-)
aki4uCommented:
I agree
achen30Author Commented:
Did I do something wrong? sorry, I new a member in expert-exchange, I don't know how things work, please correct me if I did.
raterusCommented:
Here's some help files on Closing Questions,
http://www.experts-exchange.com/help.jsp#hs5

Specifically, "More than one Expert helped solve my problem. What do I do?"
http://www.experts-exchange.com/help.jsp#hi69

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
achen30Author Commented:
I'm sorry raterus.  How can I go back and change it?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP.NET

From novice to tech pro — start learning today.