I have an ASP.NET Core 6 MVC web app that I later added Windows authentication to using this guide from Microsoft's documentation.

Running the application on my local environment works like a charm - I am able to authenticate without being prompted for credentials and I can use authorization to secure actions and/or the controllers themselves.

HOWEVER, after publishing the site to the web server, I am prompted for my domain credentials. If I enter my credentials, I am authenticated and everything works as it should.

The guide states:

IIS Integration Middleware is configured to automatically authenticate requests by default.

But this does not seem to be the case in my experience. The associated link is also broken as it does not go to the right place.

It is my understanding that as long as the client and the server are on the same domain, then users should be automatically authenticated. I have verified that my computer & the server are both on the same domain by running this command:

`systeminfo | findstr /B "Domain"`

The web server also has "User Authentication" set to "Automatic logon only in Intranet zone."

My best guess is that the issue is the binding I set up in IIS. I am using the IP address so I can access the site from my local browser in the meantime for testing by a few users. Once the site goes live, will I stop being prompted? Or is there additional setup?

Some key details:

  • ASP.NET Core 6 MVC intranet web app
  • Added Windows authentication later on using Microsoft guide
  • Windows Server 2019 Standard x64
  • PC and Server on the same domain
  • Windows authentication installed on server and enabled on IIS site
  • Site binding = HTTP, server IP address, & port 8080 e.g. http://127.0.0.1:8080
  • Internet options on server: User Authentication set to Automatic logon only in Intranet zone
  • Internet Options on local: set by the administrator. Can't confirm what it's currently set to until I get a reply from the Help Desk.
  • What URL are you using to connect? Are you using `http://machinename:8080/` or `http://machinename.fulldomain.com:8080/`? Are you actually logged in to a domain account on the client machine when trying this? – Charlieface May 17 '23 at 23:28
  • @Charlieface 1, I'm using `http://machineip:8080` as that is what I have in the bindings. 2, yes, I am logged in to my domain account on the client computer e.g. DOMAIN\UName. When the prompt appears, it displays the same DOMAIN when using Edge and I am able to log in using the same credentials I used to log in to the client machine – jdelgado1025 May 17 '23 at 23:52
  • OK so if you want to automatically log in you need to use the fully qualified name of the machine. And change the binding to `*:8080` so that it accepts any name. – Charlieface May 17 '23 at 23:55
  • @Charlieface Where do I find the FQDN? – jdelgado1025 May 18 '23 at 00:04
  • I just told you `machinename.fulldomain.com` the one you got from `systeminfo` – Charlieface May 18 '23 at 00:16
  • @Charlieface thanks. That seemed to work at least on Edge. I can't tell if it worked with Chrome as I had already entered my credentials. However, I get prompted when I use Firefox. Any idea why? I'm assuming it's the browser settings – jdelgado1025 May 18 '23 at 16:09
  • https://support.mozilla.org/en-US/kb/windows-sso – Charlieface May 18 '23 at 16:10
  • @Charlieface yeah, I went through the settings right after I sent that comment and enabled it. It doesn't seem to make a difference though. I still get prompted. I checked the link you sent and double-checked that my domain account shows up - it's there. – jdelgado1025 May 18 '23 at 16:26
  • I also seem to be able to log in without entering the credentials if I just hit the "Sign in" button, regardless of whether or not the SSO is enabled. And after closing the browser, I am prompted again. – jdelgado1025 May 18 '23 at 16:46
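
The server-side half of what the comments arrive at (bind the site on `*:8080`, browse to it by the machine's fully qualified name), as an added PowerShell check that is not part of the original thread. The site name `MyIntranetApp` is a placeholder, and the script assumes the WebAdministration module that ships with IIS.

```powershell
# Added example, not from the thread. Run in an elevated session on the IIS server.
Import-Module WebAdministration

$siteName = 'MyIntranetApp'   # placeholder: the IIS site name
$port     = 8080              # port used in the question

# Fully qualified name of this server, the name clients should browse to
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# bindingInformation has the form "IP:port:hostHeader"; the IP part may be
# "*" or a bracketed IPv6 literal, so the pattern anchors on the right-hand fields.
$bindings = Get-WebBinding -Name $siteName -Protocol http | ForEach-Object {
    if ($_.bindingInformation -match '^(?<ip>.*):(?<port>\d+):(?<host>[^:]*)$') {
        [pscustomobject]@{
            IP         = $Matches.ip
            Port       = [int]$Matches.port
            HostHeader = $Matches.host
        }
    }
}
$bindings | Format-Table -AutoSize

# Flag a site that is still pinned to an IP address or host header on this port
$onPort   = @($bindings | Where-Object Port -eq $port)
$wildcard = $onPort | Where-Object { $_.IP -eq '*' -and $_.HostHeader -eq '' }
if (-not $wildcard) {
    Write-Warning "Site '$siteName' has no *:${port}: binding (the form suggested in the comments)."
    Write-Host "Suggested: New-WebBinding -Name '$siteName' -Protocol http -Port $port -IPAddress '*'"
}

# Report which IIS authentication schemes are enabled for the site
foreach ($scheme in 'windowsAuthentication', 'anonymousAuthentication') {
    $enabled = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $siteName `
        -Filter "/system.webServer/security/authentication/$scheme" -Name enabled).Value
    Write-Host ("{0,-26} enabled = {1}" -f $scheme, $enabled)
}

Write-Host "Test from a domain-joined client with: http://${fqdn}:$port/"
```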

0 Answers