Firefox doesn't show authentication prompt with Windows Authentication

Question

I'm building an Intranet ASP.NET web application for an organization, and want to authenticate the users using Windows Authentication. I have two WCF WebHttpBinding-bound self-hosted services. Both use webHttpBinding with RESTHttpBinding configuration.

<webHttpBinding>
    <binding name="RESTHttpBinding">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows"/>
      </security>
    </binding>
  </webHttpBinding>

My services behave correctly (prompts for authentication) on Chrome, Opera and IE (in the latter case - only if I set Logon in User Authentication in Security Settings to "Prompt for user name and password"). But in Firefox I can either use this method to allow automatic authentication or get exactly the same result described in this post: just 401 Unauthorized and a blank page.

I've spent HOURS on googling and trying different options. I can't find the way to make Firefox show me the prompt.

score 0 · Answer 1 · answered Mar 27 '14 at 10:56

I checked how it's happening in Sharepoint where Windows Authentication is also used and in Firefox the prompt appears and it turned out, that the server response in Sharepoint comes with a header

WWW-Authenticate: NTLM

whereas in my case I got the 401 response with the

WWW-Authenticate: Negotiate

So I changed my app.config file:

  <webHttpBinding>
    <binding name="RESTHttpBinding">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="NTLM"/>
      </security>
    </binding>
  </webHttpBinding>

And now the prompt appears.

Still it's not the solution I'm completely satisfied with: NTLM is said to be downgrading comparing to Windows Authentication.

Pakman · Answer 2 · 2015-02-27T22:09:46.473

0

I found this answer elsewhere:

Open IIS and select the website that is experiencing the 401
Open the "Authentication" property in the "IIS" category
Click the "Windows Authentication" item and click "Providers"
Move NTLM above Negotiate

If that doesn't work, perhaps you're using a Mac. I've found that Mac Firefox disallows even entering your credentials if the connection is not SSL secured.

edited Feb 27 '15 at 22:09

answered Feb 27 '15 at 21:21

Pakman

2,170
3
23
41

Oh, I didn't specifiy it: my service is not IIS-hosted. It's self-hosted. – Varvara Kalinina Mar 03 '15 at 11:12
Ahh, I see now that you stated "two WCF WebHttpBinding-bound self-hosted services". I'll leave my answer in case someone else arrives here using IIS, though. – Pakman Mar 03 '15 at 16:42
Yes, I think it might be helpful for someone – Varvara Kalinina Mar 03 '15 at 17:36

Firefox doesn't show authentication prompt with Windows Authentication

2 Answers2