Solved

IIS7 Windows Authentication: Pop up boxing requesting credentials, not same behavior as IIS6

Posted on 2010-09-08
9
2,478 Views
Last Modified: 2012-05-10
In IIS6, we would set a site to use Windows Integrated Authentication and set the proper NTFS permissions on the site's home directory.  Users who had correct NTFS permissions could view site and no one else could.  

In IIS7, I set the same site (migrated from iis6 to iis7) to use Windows Authentication and set the correct NTFS permissions (atleast what I think is correct) and no matter who the user is, they get a pop up box asking for username/password from the browser.  When I go to the site in IIS6, I do not get prompted for credentials and get directed directly to the site (either page for valid users or a custom unauthorized access page for those without access.

What am I missing here?  Thanks!
0
Comment
Question by:frankrizzo1856
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 33632644
I'm going to assume you are using IE.

When you connect to the website what is the security zone on the right hand side of the status bar?  'Local Intranet', Trusted Sites' or 'Internet'

If it's 'Internet' that is your problem.
0
 

Author Comment

by:frankrizzo1856
ID: 33635700
This is an internal intranet site, so not the issue there.
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 33639631
Yes it is an issue.  The browser is responsible for determining how to automatically log into a web server.

When IIS is setup to use Windows Authentication it sends a response to the browser requiring Windows Credentials to log in.  The browser decides if the users current running credentials on the client should be used.

So, if the internal site is http://www.mydomain.com/ and if the "Primary Dns Suffix" in the IP connection settings is 'mydomain.com' then IE will mark the site as "Local Intranet" and automatically sign you into the web site without showing the prompt.

If the internal site is http://www.internalsite.com/ and the "Primary Dns Suffix" in the IP connection settings is 'mydomain.com' then you need to make *.internalsite.com a 'Trusted Site' and set the feature "Automatically Login using Windows Credentials" then the user will be logged in automatically.

Cheers
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:frankrizzo1856
ID: 33639691
It is a trusted site and the same site in IIS6 with the same exact URL and domain works as expected from the same browser/workstation.  This is why I am saying it is not a browser issue.
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 33640111
I'm sorry but this is always a browser issue even though it might not seem that way.

For example in Firefox you can set automatic log in using a different strategy but Opera will always prompt when a new session is started.  Safari and Chrome will always prompt once and you can save the credentials.

I manage a lot of IIS servers with both IIS 6 and IIS 7 in an intranet with 23 different domains and too many websites to count.  Every single time it turns out to be a browser/client issue.

Sometimes it's a registry issue that has to be fixed with Group Policy.

Can you confirm you have the 'Automatically login using Windows Credentials' set in IE for the 'Trusted Sites'?
0
 

Author Comment

by:frankrizzo1856
ID: 33650786
Yes, "automatic login" is set in IE settings.  
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 33828567
I'd double check your settings.  If you followed the recommendations this shouldn't be happening.
0
 

Accepted Solution

by:
frankrizzo1856 earned 0 total points
ID: 34852059
We ended up rebuilding the server to resolve the issue.
0
 

Author Closing Comment

by:frankrizzo1856
ID: 34886319
We rebuilt server to resolve.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today I came across an interesting issue that had me pulling my hair out.  I was troubleshooting a new internal web site which uses integrated security instead of anonymous.  When browsing the site from my laptop, I was able to access it with no iss…
Running classic asp applications under Windows Server 2008 R2 (x64) and IIS 7 is not as easy as one may think. It took me a while to figure it out while getting error 8002801d a few times. After you install the OS you will need to install the fol…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question