Home » SQL ServerRSS

Windows authentication login form issue

Hi guys,

I have an application that requires windows authentication to login, the problem is that every time an user logs in under IE and win XP, the username is pre filled with the IP address of the server as instance and the username. I need to replace the server ip with  XXXX instance name instead of doing this manually.

Could anyone pleas help me out with this one?

Thanks in advance,

 

 

7 Answers Found

 

Answer 1

Hi gromikov,

Request.ServerVariables("LOGON_USER")
it will work only when Windows Integrated Authentication is turned on and Anonymous Access is turned off.

Returns the Windows account that the user  is logged into

REMOTE_USER: Returns an unmapped user-name string sent in by the user

It will give the visitor IP address  and in cases this will be affected by firewalls and proxy servers of commercial companies

AUTH_USER: Returns the raw authenticated user name

Please check the following link:

http://support.microsoft.com/kb/306359

http://www.aspcode.net/List-of-RequestServerVariables.aspx

http://www.4guysfromrolla.com/webtech/092298-3.shtml

 

Answer 2

 Hi  Hua-Jun Li,

I just specified windows  in the config file as authentication  mode and the login  form prompts when I try to access the website, The problem  is that for some IE users the login is matching the credentials with the server  (ip address/username) and not with the Instance (Companyname/username) as i am working on a corporate network I would like the users to login with the company domain (Companyname/username). This is working if thew users access the site trought mozilla or IE on win  7.

 

Thanks for your help,

 

 

 

Answer 3

 

This may be more of a client-side problem  than an asp.net problem.

Since the problem happens for some clients and not others, I wonder if this might be a case of the client saving the credentials.  Sometime when a users is prompted for credentials, there is the option to "save this password" and that could play a part in this type of problem.   Which version of IE is seeing the problem?  IE 6? IE 7?

Typically windows  integrated authentication  shouldn't prompt a client for credentials if that client is on a workstation that is joined to the same (or trusted) domain.  You may want to check to see which internet zone IE thinks the address  is in.  Which zone shows up in IE when the problem is reproduced?

Ideally you'll want the website to be set in IE's "local intranet" zone.  Also ideally the IE client should have the default setting of "Automatic logon only in Intranet Zone." 

 

For IE7 or IE8 you might try clearing passwords to see if that makes any difference.

Internet Explorer 8
To remove a stored password or other stored information in Internet Explorer 8:

1.From the Tools menu, select Internet Options.

2.On the General tab, under "Browsing history", click Delete... .

3.Check the item(s) you want to delete:

?Temporary Internet files (copies of web pages, images, and media that are saved for faster viewing)
?Cookies
?History (the lists of web sites you have visited)
?Form data (saved information you have typed into forms)
?Passwords
?InPrivate Filtering data (saved data used by InPrivate Filtering to detect where web sites may be automatically sharing details about your visit)
To delete everything, uncheck Preserve Favorites website data and check all the other options.

4.Click Delete.
Internet Explorer 7
To remove a stored password or other stored information in Internet Explorer 7:

1.From the Tools menu, select Internet Options.

2.On the General tab, under Browsing history, click Delete... . You now have several options:

?To delete temporary Internet files (copies of web pages, images, and media that are saved for faster viewing), click Delete files... .
?To delete cookies, click Delete cookies... .
?To delete the history (the lists of web sites you have visited), click Delete history... .
?To delete form  data (saved information that you have typed into forms), click Delete forms... .
?To delete passwords, click Delete passwords... .
?To delete all of the above, click Delete all... .
3.Click OK twice.

 

--------------

For IE6 you might experiment with http://support.microsoft.com/kb/229940 - How to disable Internet Explorer password caching.   "When you try to view a Web site that is protected with a password, you are prompted to type your security credentials in the Enter Network Password dialog box. If you click to select the Save this password in your password list check box in this dialog box, the computer saves your password so that you do not have to type the password again when you try to use the same document. This behavior is known as password caching."

-----------------------


 

 

Answer 4

gromikov:
This is working if thew users access the site trought mozilla or IE on win  7.
 

There are three reasons why experts advise not to use windows  Authentication. The reasons are:

• It’s tied to Windows users.

• It’s tied to Windows client machines.

• It doesn’t provide much flexibility or control and can’t be customized easily.

I'd elaborate only the second one which may be related to your problem:

The second problem  is that some of the authentication  methods that IIS uses require users to ave compatible software on their computers. This limits your ability to use Windows authentication for users who are using non-Microsoft operating systems or for users who aren’t using Internet Explorer.

Best of luck. I hope you'd find a good solution.

 

Answer 5

If the clients are part of the same domain as the servers, and the clients are connected to that domain, Windows Integrated authentication  is a great thing.  High recommendations for it under these conditions.

But if the clients are coming across the www without a VPN connection, I'd tend to recommend the website be set to use anonymous authentication (if the intent is for everyone to reach it of course) or basic authentication (if the clients have valid UN and PW for an account either on that local server  or an account in the active directory) protected by SSL.

 

Answer 6

Thank you all for your replay

 

The problem  is that the server  is part of xxx1 domain and the users are coming from xxx domain, so when the users try to login, the form is pre  loading domain xxx1, so once clicking ok, the login  form will prompt again showing  on the username  field : xxx1/username and not xxx/username. However if I manually  change thedomain name from xxx1 to xxx the application  will login just fine.

Does anyone know a way to set xxx as default domain? 

 

Thanks in advance,

Alexis

 

Answer 7

If the iis website were set to use basic authentication, yes.  This can be set in the advanced properties of the IIS manager.  

If it is set to use windows  integrated authentication, no.

But if it is using windows integrated authentication, and your client machine is part of a domain that is trusted by the domain your web server  is on, you probably shouldn't be prompted for credentials at all.  This assumes that there is a trust in place.  This also assumes that your IE client has the address  it is browsing to in its local intranet zone list.  It also might assume that certain firewalls have certain ports open. 

Is the website (from the IIS perspective, not the web.config perspective) using Integrated authentication  only?

And is the address you're browsing to recognized by the IE client as being part of the local intranet zone?

If you click CANCEL when prompted for authentication, do you get a 401.2 error or a 401.1 error?

 

 
 
 

<< Previous      Next >>


Microsoft   |   Windows   |   Visual Studio   |   Follow us on Twitter