Integrated Authentication.... 

Integrated Authentication.... 

  
hi,
I'm trying to implement in a espace, integrated authentication, on IE is constantly asking for credentials ... But in firefox works correctly ....

The browsers are configured the same way .... any ideas?

I am implementing authentication as follows:
PAGE





PREPARATION PAGE



BR
Hi Bruno,

Are you sure it's not the other way around? Firefox asks for login and IE does not?

Assuming this is the case, this is because IE authomatically allows Kerberos authentication and will pass in your Windows credentials when requested. Firefox does not do this automatically.

Cheers,


Miguel
Hello,

is in IE that is constantly asking for credentials ....

Firefox works fine ...

: s










BR
browsers settings:






BR


Hmm....

A few questions:

Does IE eventually accept the login you give it or will it never let you proceed?
Are both machines on the same domain?
Does the PORTO\PORTO login exist on the target (server) machine or is it just a local account on the client computer (the one where you're running the browser)?

Cheers,


Miguel
Does IE eventually accept the login you give it or will it never let you proceed?
NO, Dont let me proceed... its prompt a new window asking for credentials

Are both machines on the same domain?
Is the same machine
Does the PORTO\PORTO login exist on the target (server) machine or is it just a local account on the client computer (the one where you're running the browser)?

Yes, there is in  the server, and it log in when I'm using Firefox ....
In IE I can not even make the Debug, because it is requesting credentials ... in firefox I can do debug, I can check the result of the function:
IntegratedSecurityGetDetails 

IntegratedSecurityGetDetails.Username = PORTO\PORTO
IntegratedSecurityGetDetails.isAuthenticated  = TRUE
 BR

So, if I got it right, you're making a request to the local machine and the user is also local to the machine.

I would guess that what is hapenning is a byproduct of what I said above: IE is trying to negociate a Kerberos token (and it's failing because there's no domain controller) while Firefox is doing an NTLM authentication that works locally.

Try opening the IIS Manger, navigate down to the Virtual Directory of your application and, on the Features View, select IIS > Authentication. Then on the Windows Authentication property, selecy Providers... (you may need to Enable it first if it's Status is Disabled). On the dialog, select Negociate and Remove it (these steps assume the IIS 7 Manager console... IIS 6 will be different)

Try again with IE... hopefully it will now use NTLM as Firefox does.

Let me know if it worked,


Miguel
hi,

thanks,
i found the solution in

http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/c9239a89-fbee-4adc-b72f-7a6a9648331f/


"

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it."



thanks
Miguel Melo for the help...

i was preparing to post the solution....

Best Regards
BR