Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

IIS 6 integrated authentication still prompts for credentials

Posted on 2009-07-15
7
Medium Priority
?
665 Views
Last Modified: 2012-06-21
I have an existing intranet website that uses anonymous authentication in IIS and handles user authentication via ASP.  Each page checks for the existence of a session variable that is populated when the user successfully logs in.  If that variable is null, the user is redirected to login.asp where they can login.

I want to use integrated authentication so users aren't prompted to enter a password.  What I've done is changed the authentication settings on login.asp in IIS Manager.  I disabled anonymous access for this page and set the only enabled authentication method to integrated windows authentication.  The idea being, that when the user is redirected to login.asp, I can grab their windows username, set the session variable for them, and thus automatically log them in.

Here's the problem.  When I browse to login.asp, I still get a authentication dialog box popup in the browser.  I'm using Firefox and have added the sites URL to the "network.automatic-ntlm-auth.trusted-uris" parameter under about:config.  I've checked the NTFS permissions on the file and verified that integrated windows authentication is selected for it in IIS Manager - but it still prompts me for authentication.

I created a new website in IIS for testing purposes.  I created a new webroot folder and copied the login.asp file into it.  I set the directory security options for this new test website to allow anonymous access and then manually set the authentication options on the login.asp file to only permit integrated windows auth.  I added the test site's URL to firefox's list of NTLM sites and when I browse to login.asp on the test site, I am logged in automatically.

Here's the kicker - in IIS Manager, I changed the directory for the test website to the same directory as the existing intranet.  Now when I browse to the test site, everything works perfectly, I am automatically logged in.

So, something about the configuration of the intranet site in IIS is screwy.  Essentially, I've set up a duplicate website in IIS, pointing to the same webroot, with the same auth settings, and that one works but the original site doesn't.

I could just create a new site in IIS and disable the old one, but there are tons of virtual directories, and special settings on subfolders that I'd have to duplicate, which would be a lot of work.

Very frustrating...what am I missing?
0
Comment
Question by:FWeston
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 22

Expert Comment

by:cj_1969
ID: 24870935
This sounds like some additional settings have been enabled, or not, in the original site configuration.
Check the properties tab for the site and then check the Home tab then the Configuration button then the Options tab ... check the Enable parents path to start with.
0
 
LVL 3

Author Comment

by:FWeston
ID: 24871263
I've gone through the IIS properties for both sites side by side and they're identical.  Neither had the enable parents path option selected.  Enabling this didn't change affect the problem.
0
 
LVL 22

Expert Comment

by:cj_1969
ID: 24871670
Check in the site and see if there is web.config file.
Look for the authentication section, see if this is set to forms ...
i.e.
<!-- Web.config file -->
<system.web>
   <authentication mode="Forms">
      <forms forms="401kApp" loginUrl="/login.aspx" />
   </authentication>
</system.web>

if it is, change it to
<system.web>
   <!-- mode=[Windows|Forms|Passport|None] -->
   <authentication mode="Windows" />
</system.web>


Well, change the authentication mode ="" portion in your file.
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
LVL 3

Author Comment

by:FWeston
ID: 24871731
There is not a web.config file.
0
 
LVL 22

Accepted Solution

by:
cj_1969 earned 1500 total points
ID: 24872310
Try looking at the metabase.xml file and see if there is a section specifically for the site in question and if it has an authentication section in it.

Check out this page for info on editing the metabase ... http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/1d1e5de4-fd63-40cd-bc5d-c20521548eed.mspx?mfr=true
0
 
LVL 3

Author Comment

by:FWeston
ID: 24872582
I ended up just disabling the existing site and setting up all the virtual directory settings on the test site and everything is working.  It ended up being less work, and I needed to get it done so I could proceed with the project.  I'll give you points for the assistance though.
0
 
LVL 22

Expert Comment

by:cj_1969
ID: 24872795
Thanks!
If I had known you were going that route I would have tried to help you out with that.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question