IIS sends login dialog for already authenticated users.

[Sandy]

Hi,
I am using ASP.NET windows authentication in one of the applications. My
application is deployed on one of the 2003 servers. This server is member of
a domain say "MyDomain".
Now, when a user who is logged on to a system which dos not belongs to
"MyDomain", tries to access this site, he gets a login dialog box which is
correct. However, if the user is logged on to a system that belongs to
"MyDomain", he should not get this dialog box. but in my case, he also gets
this box.

The same code works well in windows 2000.

Please suggest.

[Ken Schaefer]

This is a browser issue - it is the browser the decides whether to prompt
the user for credentials. Check the rquirements for "auto logon" here:

[url]http://support.microsoft.com/?id=258063[/url]
Internet Explorer May Prompt You for a Password

Cheers
Ken

"Sandy" <Sandy@discussions.microsoft.com> wrote in message
news:20E9B2C9-AD2D-410D-AC0B-A657A13DD5A6@microsoft.com...

> Hi,
> I am using ASP.NET windows authentication in one of the applications. My
> application is deployed on one of the 2003 servers. This server is member
> of
> a domain say "MyDomain".
> Now, when a user who is logged on to a system which dos not belongs to
> "MyDomain", tries to access this site, he gets a login dialog box which
> is
> correct. However, if the user is logged on to a system that belongs to
> "MyDomain", he should not get this dialog box. but in my case, he also
> gets
> this box.
>
> The same code works well in windows 2000.
>
> Please suggest.
>

[Sandy]

I checked this Ken.
This is not the case. IE is configured correctly.
The issues seems to happen only on windows 2003 servers with win XP clients.

"Ken Schaefer" wrote:

> This is a browser issue - it is the browser the decides whether to prompt
> the user for credentials. Check the rquirements for "auto logon" here:
>
> [url]http://support.microsoft.com/?id=258063[/url]
> Internet Explorer May Prompt You for a Password
>
> Cheers
> Ken
>
> "Sandy" <Sandy@discussions.microsoft.com> wrote in message
> news:20E9B2C9-AD2D-410D-AC0B-A657A13DD5A6@microsoft.com...

> > Hi,
> > I am using ASP.NET windows authentication in one of the applications. My
> > application is deployed on one of the 2003 servers. This server is member
> > of
> > a domain say "MyDomain".
> > Now, when a user who is logged on to a system which dos not belongs to
> > "MyDomain", tries to access this site, he gets a login dialog box which
> > is
> > correct. However, if the user is logged on to a system that belongs to
> > "MyDomain", he should not get this dialog box. but in my case, he also
> > gets
> > this box.
> >
> > The same code works well in windows 2000.
> >
> > Please suggest.
> >

>
>
>

[Paul Glavich [MVP ASP.NET]]

Have the Servers been "hardened" or had some security scripts run over them
to lock them down in any way?

--

- Paul Glavich
ASP.NET MVP
ASPInsider ([url]www.aspinsiders.com[/url])


"Sandy" <Sandy@discussions.microsoft.com> wrote in message
news:58A6FDC9-885B-4B85-831D-17CC2D986249@microsoft.com...

> I checked this Ken.
> This is not the case. IE is configured correctly.
> The issues seems to happen only on windows 2003 servers with win XP

clients.

>
> "Ken Schaefer" wrote:
>

> > This is a browser issue - it is the browser the decides whether to

prompt

> > the user for credentials. Check the rquirements for "auto logon" here:
> >
> > [url]http://support.microsoft.com/?id=258063[/url]
> > Internet Explorer May Prompt You for a Password
> >
> > Cheers
> > Ken
> >
> > "Sandy" <Sandy@discussions.microsoft.com> wrote in message
> > news:20E9B2C9-AD2D-410D-AC0B-A657A13DD5A6@microsoft.com...

> > > Hi,
> > > I am using ASP.NET windows authentication in one of the applications.

My

> > > application is deployed on one of the 2003 servers. This server is

member

> > > of
> > > a domain say "MyDomain".
> > > Now, when a user who is logged on to a system which dos not belongs to
> > > "MyDomain", tries to access this site, he gets a login dialog box

which

> > > is
> > > correct. However, if the user is logged on to a system that belongs to
> > > "MyDomain", he should not get this dialog box. but in my case, he also
> > > gets
> > > this box.
> > >
> > > The same code works well in windows 2000.
> > >
> > > Please suggest.
> > >

> >
> >
> >

[Paul Glavich [MVP ASP.NET]]

On our servers, we had to alter the setting mentioned in this article (
[url]http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/28433.asp[/url] )
and set it back to its default setting as all client requests were failing,
although in our case, I think it was Win2000 that was always failing. Same
symptoms though.

--

- Paul Glavich
ASP.NET MVP
ASPInsider ([url]www.aspinsiders.com[/url])


"Sandy" <Sandy@discussions.microsoft.com> wrote in message
news:58A6FDC9-885B-4B85-831D-17CC2D986249@microsoft.com...

> I checked this Ken.
> This is not the case. IE is configured correctly.
> The issues seems to happen only on windows 2003 servers with win XP

clients.

>
> "Ken Schaefer" wrote:
>

> > This is a browser issue - it is the browser the decides whether to

prompt

> > the user for credentials. Check the rquirements for "auto logon" here:
> >
> > [url]http://support.microsoft.com/?id=258063[/url]
> > Internet Explorer May Prompt You for a Password
> >
> > Cheers
> > Ken
> >
> > "Sandy" <Sandy@discussions.microsoft.com> wrote in message
> > news:20E9B2C9-AD2D-410D-AC0B-A657A13DD5A6@microsoft.com...

> > > Hi,
> > > I am using ASP.NET windows authentication in one of the applications.

My

> > > application is deployed on one of the 2003 servers. This server is

member

> > > of
> > > a domain say "MyDomain".
> > > Now, when a user who is logged on to a system which dos not belongs to
> > > "MyDomain", tries to access this site, he gets a login dialog box

which

> > > is
> > > correct. However, if the user is logged on to a system that belongs to
> > > "MyDomain", he should not get this dialog box. but in my case, he also
> > > gets
> > > this box.
> > >
> > > The same code works well in windows 2000.
> > >
> > > Please suggest.
> > >

> >
> >
> >

[Sandy]

Yes. Some scripts does run but not sure what exactly they are. Its a
production server.

"Paul Glavich [MVP ASP.NET]" wrote:

> Have the Servers been "hardened" or had some security scripts run over them
> to lock them down in any way?
>
> --
>
> - Paul Glavich
> ASP.NET MVP
> ASPInsider ([url]www.aspinsiders.com[/url])
>
>
> "Sandy" <Sandy@discussions.microsoft.com> wrote in message
> news:58A6FDC9-885B-4B85-831D-17CC2D986249@microsoft.com...

> > I checked this Ken.
> > This is not the case. IE is configured correctly.
> > The issues seems to happen only on windows 2003 servers with win XP

> clients.

> >
> > "Ken Schaefer" wrote:
> >

> > > This is a browser issue - it is the browser the decides whether to

> prompt

> > > the user for credentials. Check the rquirements for "auto logon" here:
> > >
> > > [url]http://support.microsoft.com/?id=258063[/url]
> > > Internet Explorer May Prompt You for a Password
> > >
> > > Cheers
> > > Ken
> > >
> > > "Sandy" <Sandy@discussions.microsoft.com> wrote in message
> > > news:20E9B2C9-AD2D-410D-AC0B-A657A13DD5A6@microsoft.com...
> > > > Hi,
> > > > I am using ASP.NET windows authentication in one of the applications.

> My

> > > > application is deployed on one of the 2003 servers. This server is

> member

> > > > of
> > > > a domain say "MyDomain".
> > > > Now, when a user who is logged on to a system which dos not belongs to
> > > > "MyDomain", tries to access this site, he gets a login dialog box

> which

> > > > is
> > > > correct. However, if the user is logged on to a system that belongs to
> > > > "MyDomain", he should not get this dialog box. but in my case, he also
> > > > gets
> > > > this box.
> > > >
> > > > The same code works well in windows 2000.
> > > >
> > > > Please suggest.
> > > >
> > >
> > >
> > >

>
>
>

[Sandy]

Paul, Thanks a lot.

Are you saying that in your case, clients were windows 2000 and Server was
windows 2003?


"Paul Glavich [MVP ASP.NET]" wrote:

> On our servers, we had to alter the setting mentioned in this article (
> [url]http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/28433.asp[/url] )
> and set it back to its default setting as all client requests were failing,
> although in our case, I think it was Win2000 that was always failing. Same
> symptoms though.
>
> --
>
> - Paul Glavich
> ASP.NET MVP
> ASPInsider ([url]www.aspinsiders.com[/url])
>
>
> "Sandy" <Sandy@discussions.microsoft.com> wrote in message
> news:58A6FDC9-885B-4B85-831D-17CC2D986249@microsoft.com...

> > I checked this Ken.
> > This is not the case. IE is configured correctly.
> > The issues seems to happen only on windows 2003 servers with win XP

> clients.

> >
> > "Ken Schaefer" wrote:
> >

> > > This is a browser issue - it is the browser the decides whether to

> prompt

> > > the user for credentials. Check the rquirements for "auto logon" here:
> > >
> > > [url]http://support.microsoft.com/?id=258063[/url]
> > > Internet Explorer May Prompt You for a Password
> > >
> > > Cheers
> > > Ken
> > >
> > > "Sandy" <Sandy@discussions.microsoft.com> wrote in message
> > > news:20E9B2C9-AD2D-410D-AC0B-A657A13DD5A6@microsoft.com...
> > > > Hi,
> > > > I am using ASP.NET windows authentication in one of the applications.

> My

> > > > application is deployed on one of the 2003 servers. This server is

> member

> > > > of
> > > > a domain say "MyDomain".
> > > > Now, when a user who is logged on to a system which dos not belongs to
> > > > "MyDomain", tries to access this site, he gets a login dialog box

> which

> > > > is
> > > > correct. However, if the user is logged on to a system that belongs to
> > > > "MyDomain", he should not get this dialog box. but in my case, he also
> > > > gets
> > > > this box.
> > > >
> > > > The same code works well in windows 2000.
> > > >
> > > > Please suggest.
> > > >
> > >
> > >
> > >

>
>
>

[Paul Glavich [MVP ASP.NET]]

Yes. Not all clients were Win2000, but only these ones had the problems. Our
server group had performed "hardening" on the servers, and configured that
specific setting to only accept the highest levels of encryption and
authentication. The new XP builds that had also been performed had a similar
hardening process and were configured appropriately. The older builds of
Windows2000 were not configured to support the extra security settings and
were failing. Once I set the Windows2003 servers back to the default
settings (as listed on that article link I posted) it all worked fine.


--

- Paul Glavich
ASP.NET MVP
ASPInsider ([url]www.aspinsiders.com[/url])


"Sandy" <Sandy@discussions.microsoft.com> wrote in message
news:44676A23-7A6E-4316-93E0-755168E07764@microsoft.com...

> Paul, Thanks a lot.
>
> Are you saying that in your case, clients were windows 2000 and Server was
> windows 2003?
>
>
> "Paul Glavich [MVP ASP.NET]" wrote:
>

> > On our servers, we had to alter the setting mentioned in this article (
> >

[url]http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/28433.asp[/url] )

> > and set it back to its default setting as all client requests were

failing,

> > although in our case, I think it was Win2000 that was always failing.

Same

> > symptoms though.
> >
> > --
> >
> > - Paul Glavich
> > ASP.NET MVP
> > ASPInsider ([url]www.aspinsiders.com[/url])
> >
> >
> > "Sandy" <Sandy@discussions.microsoft.com> wrote in message
> > news:58A6FDC9-885B-4B85-831D-17CC2D986249@microsoft.com...

> > > I checked this Ken.
> > > This is not the case. IE is configured correctly.
> > > The issues seems to happen only on windows 2003 servers with win XP

> > clients.

> > >
> > > "Ken Schaefer" wrote:
> > >
> > > > This is a browser issue - it is the browser the decides whether to

> > prompt

> > > > the user for credentials. Check the rquirements for "auto logon"

here:

> > > >
> > > > [url]http://support.microsoft.com/?id=258063[/url]
> > > > Internet Explorer May Prompt You for a Password
> > > >
> > > > Cheers
> > > > Ken
> > > >
> > > > "Sandy" <Sandy@discussions.microsoft.com> wrote in message
> > > > news:20E9B2C9-AD2D-410D-AC0B-A657A13DD5A6@microsoft.com...
> > > > > Hi,
> > > > > I am using ASP.NET windows authentication in one of the

applications.

> > My

> > > > > application is deployed on one of the 2003 servers. This server is

> > member

> > > > > of
> > > > > a domain say "MyDomain".
> > > > > Now, when a user who is logged on to a system which dos not

belongs to

> > > > > "MyDomain", tries to access this site, he gets a login dialog box

> > which

> > > > > is
> > > > > correct. However, if the user is logged on to a system that

belongs to

> > > > > "MyDomain", he should not get this dialog box. but in my case, he

also

> > > > > gets
> > > > > this box.
> > > > >
> > > > > The same code works well in windows 2000.
> > > > >
> > > > > Please suggest.
> > > > >
> > > >
> > > >
> > > >

> >
> >
> >