I have an application that requires windows authentication to login, the problem is that every time an user logs in under IE and win XP, the username is pre filled with the IP address of the server as instance and the username. I need to replace the server ip with XXXX instance name instead of doing this manually.
Could anyone pleas help me out with this one?
Thanks in advance,
7 Answers Found
Hi Hua-Jun Li,
I just specified windows in the config file as authentication mode and the login form prompts when I try to access the website, The problem is that for some IE users the login is matching the credentials with the server (ip address/username) and not with the Instance (Companyname/username) as i am working on a corporate network I would like the users to login with the company domain (Companyname/username). This is working if thew users access the site trought mozilla or IE on win 7.
Thanks for your help,
This may be more of a client-side problem than an asp.net problem.
Since the problem happens for some clients and not others, I wonder if this might be a case of the client saving the credentials. Sometime when a users is prompted for credentials, there is the option to "save this password" and that could play a part in this type of problem. Which version of IE is seeing the problem? IE 6? IE 7?
Typically windows integrated authentication shouldn't prompt a client for credentials if that client is on a workstation that is joined to the same (or trusted) domain. You may want to check to see which internet zone IE thinks the address is in. Which zone shows up in IE when the problem is reproduced?
Ideally you'll want the website to be set in IE's "local intranet" zone. Also ideally the IE client should have the default setting of "Automatic logon only in Intranet Zone."
For IE7 or IE8 you might try clearing passwords to see if that makes any difference.
Internet Explorer 8
To remove a stored password or other stored information in Internet Explorer 8:
1.From the Tools menu, select Internet Options.
2.On the General tab, under "Browsing history", click Delete... .
3.Check the item(s) you want to delete:
?Temporary Internet files (copies of web pages, images, and media that are saved for faster viewing)
?History (the lists of web sites you have visited)
?Form data (saved information you have typed into forms)
?InPrivate Filtering data (saved data used by InPrivate Filtering to detect where web sites may be automatically sharing details about your visit)
To delete everything, uncheck Preserve Favorites website data and check all the other options.
Internet Explorer 7
To remove a stored password or other stored information in Internet Explorer 7:
1.From the Tools menu, select Internet Options.
2.On the General tab, under Browsing history, click Delete... . You now have several options:
?To delete temporary Internet files (copies of web pages, images, and media that are saved for faster viewing), click Delete files... .
?To delete cookies, click Delete cookies... .
?To delete the history (the lists of web sites you have visited), click Delete history... .
?To delete form data (saved information that you have typed into forms), click Delete forms... .
?To delete passwords, click Delete passwords... .
?To delete all of the above, click Delete all... .
3.Click OK twice.
For IE6 you might experiment with http://support.microsoft.com/kb/229940 - How to disable Internet Explorer password caching. "When you try to view a Web site that is protected with a password, you are prompted to type your security credentials in the Enter Network Password dialog box. If you click to select the Save this password in your password list check box in this dialog box, the computer saves your password so that you do not have to type the password again when you try to use the same document. This behavior is known as password caching."
gromikov: This is working if thew users access the site trought mozilla or IE on win 7.
There are three reasons why experts advise not to use windows Authentication. The reasons are:
• It’s tied to Windows users.
• It’s tied to Windows client machines.
• It doesn’t provide much flexibility or control and can’t be customized easily.
I'd elaborate only the second one which may be related to your problem:
The second problem is that some of the authentication methods that IIS uses require users to ave compatible software on their computers. This limits your ability to use Windows authentication for users who are using non-Microsoft operating systems or for users who aren’t using Internet Explorer.
Best of luck. I hope you'd find a good solution.
If the clients are part of the same domain as the servers, and the clients are connected to that domain, Windows Integrated authentication is a great thing. High recommendations for it under these conditions.
But if the clients are coming across the www without a VPN connection, I'd tend to recommend the website be set to use anonymous authentication (if the intent is for everyone to reach it of course) or basic authentication (if the clients have valid UN and PW for an account either on that local server or an account in the active directory) protected by SSL.
Thank you all for your replay
The problem is that the server is part of xxx1 domain and the users are coming from xxx domain, so when the users try to login, the form is pre loading domain xxx1, so once clicking ok, the login form will prompt again showing on the username field : xxx1/username and not xxx/username. However if I manually change thedomain name from xxx1 to xxx the application will login just fine.
Does anyone know a way to set xxx as default domain?
Thanks in advance,
If the iis website were set to use basic authentication, yes. This can be set in the advanced properties of the IIS manager.
If it is set to use windows integrated authentication, no.
But if it is using windows integrated authentication, and your client machine is part of a domain that is trusted by the domain your web server is on, you probably shouldn't be prompted for credentials at all. This assumes that there is a trust in place. This also assumes that your IE client has the address it is browsing to in its local intranet zone list. It also might assume that certain firewalls have certain ports open.
Is the website (from the IIS perspective, not the web.config perspective) using Integrated authentication only?
And is the address you're browsing to recognized by the IE client as being part of the local intranet zone?
If you click CANCEL when prompted for authentication, do you get a 401.2 error or a 401.1 error?
I just recent added another authentication provider for form authentication. i am able to log in and browse around the site with the permission i gace my test SQL authenticated user however.... the first time i log in every time i recieve access denied on
thefirst subsite of my main site, all i need to do is simply hit "go back to site" and it takes me to where i want to go. This happens ONCE with what ever user i initally log in as. I am able to from there log in as any other user with no other issues
until i reopen the browser.
Recap: Inital access denied on main sites subsite(not my search center site)
Hit "go back to site" and it takes me to where i want to go
happens every time i open a new browser(firefox, Ie) once it fails once its fine till i reopen the browser.
Any help or thoughts would be appreciated im banging my head on this.
Please be advised I have followed the steps on
http://donalconlon.wordpress.com/2010/02/23/configuring-forms-base-authentication-for-sharepoint-2010-using-iis7/. I have tried to fix the following issue for a week using different farms and SharePoint 2010 installations, however I am getting
the following error when trying to authenticate using Forms Based into a Claims site:
Cannot get Membership Provider with name FBARoleProvider The membership provider for this process was not properly configured. You must configure the membership provider in the .config file for every SharePoint process.
1. I am certain the membership provider is configured in the SecurityTokenServiceApplication webservice as I can manage users and roles in IIS7 using the SecurityTokenServiceApplication website.
2. I am certain that membership provider is configured in the both the Claims Web Application and Central Admin as I can manage users and roles in IIS7 using their websites.
3. I know the issue is the SecurityTokenServiceApplication service as I had to set <serviceDebug includeExceptionDetailInFaults="true" /> to get the error above.
4. I can log into the Claims Based Application using windows authentication, however I am unable to see the users on the people picker despite that I can see them from the application's site on IIS and the fact that I added <add key="FBARoleProvider"
<add key="FBAMembershipProvider" value="%" /> to the <PeoplePickerWildcards> tag.
5. The Sharepoint Account for all involved application Pools is the same and it has full permissions to the FBA users database.
6. Weird enough I confirmed everywhere that FBARoleProvider is a SqlRoleProvider and that FBAMembershipProvider is a SqlMembershipProvider, and not the other way around.
I am just short of creating my own STS service, and I am hoping someone has encountered this issue before.Read more...
I am using authentication mode="Forms" with ldap, i manage to login and logour fine but when user 1 is logged and when user2 logs, user1 gets the user2 session. Any idea why this might be happening? Here is some code:
<forms name="login" loginUrl="Login.aspx" />
protected Boolean ValidateUser(String strUsername, String strPassword)
//Return true if the username and password is valid, false if it isn't
ExpensesWebsite.LDAP aLDAP = new ExpensesWebsite.LDAP();
return (aLDAP.Authenticate(strUsername, strPassword));
// lblError.Text = "Binding successful.";
// FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);
// lblError.Text = "Username found, wrong password.";
catch (Exception ex)
lblError.Text = "* Incorrect username or password";
private String AssignRoles(String strUsername)
//Return a | separated list of roles this user is a member of
if (txtUserName.Text == "ahmadk")
protected void btnLogon_Click(object sender, EventArgs e)
if (ValidateUser(txtUserName.Text, txtPassword.Text))
String strRole = AssignRoles(txtUserName.Text);
//The AddMinutes determines how long the user will be logged in after leaving
//the site if he doesn't log off.
FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1,
DateTime.Now.AddMinutes(30), false, strRole,
Session["LoggedIn"] = "Yes";
lblError.Visible = true;
Many thanks in advanceRead more...
Here's an issue I didn't see coming for our forms based authentication users.
We have a web application extended to an external url to handle forms based authentication for users outside of our domain. Our setup looks like this...
Internal Users/Windows Authentication - moss.domain.com
External Users/Forms Based - mossext.domain.com
My Site for Internal Users - mysites.domain.com
When our forms based users are accessing user lists, or discussion pages that display user pictures, they are getting a windows authentication login for our internal users (mysites.domain.com) who have populated their my site with personal photo.
How do we fix this? Read more...
Hi all !
Okay, my question is related to http://social.msdn.microsoft.com/Forums/en/messengerconnect/thread/8c79ebba-59de-48be-b308-db139ad430c3 but
the thread is closed, so I suppose I have to open a new one.
clarify my project :
have my own logon form and the SSO is working fine, but I need a Live token for my user to access to other Live application without login again.
I am trying to do is to avoid the login process by microsoft (consent UI ) but use my custom logon form instead, then get a verification code and integrate the code you sent from http://msdn.microsoft.com/en-us/library/ff752581.aspx
managed to get the verification code using the OAuth Wrap Exemples. Could
I use this unique code for my application, or will it be subject to changes ? I suppose : No, because each verification code is affected to one unique user. And if I get a token, it is actually the token of this user. Is there a way to get a verification code
for all my users ?
is maybe not the best way to do it.
this possible to make my own logon form and use it with Windows Live ?
for your help
What do I need to do in order to change an application from Forms Authentication to windows authentication?
I am not sure if this is the correct forum - apologies in advance - I could not identify where it should go!
I have an ASP.NET Web Application that uses Forms Authentication using
System.Web.Security.ActiveDirectoryMembershipProvider for signing on using Windows credentials. This works nicely and is solid.
The problem I have is connecting to SQL Server. I need to be able to connect to SQL Server using Windows Authentication
(trusted_connection=yes or Integrated Security=SSPI). This is critical so I can record the user that created/last modified specific records and also to collect "Task-based" records that are relevant to the
currently authenticated user.
I have tried Google and a tonne of variations of web.config entries, using Win API to impersonate etc... The only way that I could make it happen was to:-
1. Use the web.config entry:
(please entry at the bottom of the post. For some reason it won't go into the right spot in this post!)
2. Log on specifically as the user specified in the above web.config entry. If I log on as anyone else (ie Authenticate as anyone else), then SQL server simply gets the ASPNET service account as the Windows user.
I have laboured over this for hours upon hours. I really would appreciate some assistance.
Thanks in Advance,
I want to change the skin(means change the colours) of the login page of forms authenticated sharepoint site. Please reply me ASAP as it is a high priority task for me.Read more...
I was given this REST WCF Web Services (VS2008) deployed in virtual machine. There is a login form authentication when I hit the web service URL (e.g. http://www.test.com/myservice.svc)
I want to create an application client in java to access this web service. However, I'm not sure how to go about doing this.
So I've tried to change the Authentication to "None" in IIS (ASP.NET Configuration Settings).
When I enter the above URL, the login form is no longer there.
But if I want to "drill down" to a specific entity, there is no data returned (e.g. http://www.test.com/myService.svc/Address)
Note that when the web service is running with login form authentication, http://www.test.com/myService.svc/Address returns a list of address entities.
1. Why does it behave this way?
2. What can I do to get away with the login form authentication so that it'll return the list of addresses?
3. Or any suggestion how my application client should handle the login form authentication. Note: client app is written in Java.Read more...
I have succeeded in setting up SharePoint foundation 2010 to use forms authentication with anonymous access enabled but am having some problems accessing my site from the internet. Running locally on the server everything works fine. From the internet the
site displays for the anonymous user but when I try to sign in the following message is displayed:
The Web application at http://<serverurl>/SitePages/Home.aspx could not be found. Verify that you have typed the URL correctly. If the URL should be serving existing content, the system administrator may need to add a new request URL mapping to the
The actual url when this error occurs is http://<serverurl>/_login/default.aspx?ReturnUrl=/_layouts/Authenticate.aspx%3fSource%3d%252FSitePages%252FHome%252Easpx&Source=/SitePages/Home.aspx
http://<serverurl>/SitePages/Home.aspx is the initial page that displays fine as an anonymous user so the message is clealy misleading. I suspect that I need to set some permissions that
will allow an internet user to access the login screen but am not sure why this would have different permissions from other content.
Any thoughts?Read more...
I am trying to use HTTPWebRequest to login to a site and then retrieve the page after login. However, it seems as if I can't get past the login. I also investigated with Fiddler and tried mimicking Fiddler almost completely and still no luck.
Any idea what I am doing wrong?
Dim webRequest As HttpWebRequest
Dim responseReader As StreamReader
Dim responseData As String
Dim postData As String = "firstname.lastname@example.org&password=testexpert"
Dim cookies As CookieContainer = New CookieContainer()
Dim requestWriter As StreamWriter
'post form data to page
strUrl = "https://www.ideeli.com/login"
webRequest = HttpWebRequest.Create(strUrl)
webRequest.Method = WebRequestMethods.Http.Post
webRequest.ContentType = "application/x-www-form-urlencoded"
webRequest.CookieContainer = cookies
webRequest.ContentLength = postData.Length
requestWriter = New StreamWriter(webRequest.GetRequestStream)
'now we send the cookie
webRequest = HttpWebRequest.Create("http://www.ideeli.com")
webRequest.CookieContainer = cookies
responseReader = New StreamReader(webRequest.GetResponse.GetResponseStream())
responseData = responseReader.ReadToEnd()
strRequestedHTML = responseData
Catch ex As Exception
ErrorLabel.Text += "<br />There was an error going to this site: " + strUrl + "<br> Error: " + ex.Message
Hi, good day,
i have a web application called, Universal Login System, by its name, it is the one and only Login page that all of our users is login in whenever they need to access one or more web application. this is how it happen, e.g. the user types the URl www.uniuser.com then he logs in then if authenticated, a list of links of allowed application for the user will be displayed, then when the user click on application1 he will be redirected to www.application1.com
what i want to do is in the web.config of the application1, i would like to place these codes. will this be possible?
We have sharepoint 2007 site deployed on Windows server 2008, IIS 7.0. We extended the web application to enable forms based authentication referring to link
http://msdn.microsoft.com/en-us/library/bb975136(office.12).aspx#MOSS2007FBAPart1_Intro, we selected
Kerberos instead of NTLM, behavior is like, when user tries to login into the site using OOB login.aspx, user again gets redirected to the login page.
We tried to extend the web application again but this time we selected NTLM, but this time farm account (also is application pool identity) is not able login and exhibits same behavior as above, but for other users we are able to login.
Has anyone come across this behavior? can anyone please guide me in correct the behavior?
my scenario is: Single Sign-on Within a Sub Domain (two virtual directories under the same sub domain)
I've setup both sites using the same forms authentication info in my web.config. both sites have the same machine key's as well.
I sign into site1. i click a link that directs to site2.
site2 still redirects me to the login page, however on the login page I test HttpContext.Current.User.Identity.IsAuthenticated and it returns true. I also tested on site2's login page to pull the ticket's information and it's pulling everything.
so it looks like SSO is working as far as sharing the authentication ticket, yet I cannot figure out why it still puts me on the login page?
site 1: https://mysub.mydomain.com/site1/
link in site1 that directs to site2: site 1: https://mysub.mydomain.com/site2/mypage.aspx
any ideas? appreciate any help someone could give.Read more...
I have successfully enabled and set up FBA (Forms Based Authentication) on my SharePoint 2010 Foundation server. The thing is that I need to customize the look and feel of the login page. I have successfully customized the page (and master page) to look the way I want, however, when I try to log in, I get the following error/message on the page:
"Forms Based Authentication on classic Web applications has been deprecated".
What I've done:
Made copies of /_layouts/simple.master and /_layouts/login.aspx and renamed the copies. The markup in the master page is MUCH simpler than the original, but I've kept all the ContentPlaceholders that I don't use (most of them) in a hidden <asp:Panel at the bottom of the page.
I've changed the web.config file:
<forms loginUrl="/_layouts/loginCustom.aspx" />
So, I'm not getting any errors on the page until I try to log in. When I use the default settings (login.aspx and simple.master) it works just fine (but damn that page looks ugly!).
Does anyone know what I might be missing?
Update: I believe the reason it doesn't work is because my custom login aspx is not part of the Claims Based Web Application (because it's sitting in the 14 hive). So the question is how to get around this?
I just created a small site with form authentication with route handling. Without forms authentication, the pages route just fine. With forms, it returns back to the login page as it is not one of my allowed locations specified in my web.config file.
I know I probably need to write a custom route handler. Does anyone have an example I can follow for this? Thanks.Read more...
I can login in locally using the development server, but after uploading the files- including MySql.Data.dll and MySql.Web.dll - to my hosting server I can't. There is no errors, it just won't login. I can get records from my database, so I know it's not the connection.
Here is my Web.config
<add name="LocalMySqlServer" connectionString="server=db_server_name;database=tempdb;user id=user_name; password=my_password" providerName="MySql.Data.MySqlClient" />
<add connectionStringName="LocalMySqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Clear" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" name="MySQLMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=126.96.36.199, Culture=neutral, PublicKeyToken=c5687fc88969c44d" autogenerateschema="true" />
<add name="MySQLProfileProvider" type="MySql.Web.Profile.MySQLProfileProvider, MySql.Web, Version=188.8.131.52, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="LocalMySqlServer" applicationName="/" />
<roleManager enabled="true" defaultProvider="MySQLRoleProvider">
<add connectionStringName="LocalMySqlServer" applicationName="/" name="MySQLRoleProvider" type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=184.108.40.206, Culture=neutral, PublicKeyToken=c5687fc88969c44d" autogenerateschema="true"/>
<authentication mode="Forms" />
<compilation debug="true" strict="false" explicit="true">
<add name="MySQL Data Provider" invariant="MySql.Data.MySqlClient" description=".Net Framework Data Provider for MySQL" type="MySql.Data.MySqlClient.MySqlClientFactory, MySql.Data, Version=220.127.116.11, Culture=neutral, PublicKeyToken=c5687fc88969c44d" />
I have cuccessfully implemented Form Bases authentication, when user clicks on login button a pre defined login page is shown.
i want my own customized page should be shown up wheneve user clicks on "Login" button.
Is it possible?Read more...
We have created a sharepoint site with Commerce server site deployed on it. We have deployed Extensitblity Kit of CS 2009. This site has Form and windows based authetication. Then we have extended that site to intranet zone so new iis site was
Problem we are facing is as and when we are logging in with form based authentication, user is getting authenticated but page is redirecting again to signout.aspx page asking to close the brower". windows based authentication is working fine. Also Extended
site is also not working facing the same problem of login/logout cycle.
I have a question regarding SharePoint Foundation 2010 and backup / restore jobs...
I'm doing nightly farm backups using PowerShell:
Backup-SPFarm -Directory \\same-server\***** -BackupMethod Differential
This morning I decided to try and restore a single web application, just to make sure it works. In Central Administration I selected the latest farm backup and then selected the node for the Web Application and choose restore (using option: Same configuration)
because it's the same server. Restore process went fine, no failure messages, and I can see that it has restored the content I deleted for testing.
BUT when I enter the site. I'm presented with a Login page (that you would see if you have also configured Forms Authentication for the same zone, which I have not) and the drop down box show two options: "Windows Authentication" and "Windows
Authentication". Both let me use windows credentials to login so basically the login page is pointless and it wasn't there before.
I should note: The Web Application was and is configured to use Claims Based Authentication and for Windows Authentication: Kerberos. Nothing for forms. Default sign in page. And I was never presented with this redundant login page before the restore.
Anyone knows why this could be happening and how to solve it??