4

We want to host an ASP.NET MVC 5 project (.NET Framework 4.8) where users will be automatically authenticated via their Windows login. When users open the hosted project in the browser, the browser should not prompt them to log in. The browser should pass the login data to the server-side controller automatically.

According to this article, Integrated Windows Authentication uses the security features of Windows clients and servers. Unlike Basic or Digest authentication, initially, it does not prompt users for a user name and password.

So Integrated Windows Authentication seems to be the correct solution for our problem.

The MVC 5 Project has the following entry in the web.config file:

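```xml
<configuration>
  <!-- [...] -->
  <system.web>
    <!-- [...] -->
    <!-- Use the Windows identity that IIS authenticated -->
    <authentication mode="Windows" />
    <authorization>
      <!-- "?" means anonymous users: reject unauthenticated requests -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```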

Here are the authentication settings in IIS:

[Image: authentication settings IIS - Windows Authentication]

The authenticated user data is accessible in the controller by the following code:

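```csharp
using System.Web.Mvc;

public class HomeController : Controller
{
    public ActionResult Index()
    {
        // WindowsIdentity of the user that IIS authenticated for this request
        var lWindowsIdentity = Request.LogonUserIdentity;

        // [...]
        return View();
    }
}
```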

The problem: when we access the site in the browser via the binding http://192.168.178.41, we expect that the user is logged in automatically, but a prompt appears.

How to log in to ASP.NET MVC using Windows authentication without a prompt?

Simon
  • Does this help: https://supportdesk.win911.com/support/solutions/articles/24000032823-how-to-stop-the-password-popup-in-internet-explorer-ie-authentication-setup- – Nick.Mc Jun 10 '21 at 10:55

4 Answers

1

Have you tried the answer from this ticket: "ASP.NET MVC intranet app with windows authentication, how to get the current domain user automatically?"

The fix for that guy was to go to the authentication menu in IIS -> select Windows Authentication -> click Providers in the right pane -> adjust so that only NTLM is in the list of available providers. Negotiate seems to be the culprit for forcing the log-in prompt.

MrFlo
1

Check if the page is in the intranet zone. If not, you might need to add it specifically to the intranet zone using the server name and/or IP address via Configuration / Internet Options / Security / Local Intranet / Websites.

rekna
  • Thank you very much for your answer. Can you please tell me in which application the settings "configuration/internet options/security/local intranet/websites" should be made? – Simon Jul 09 '21 at 08:34
  • Sorry, configuration should have been Control Panel (the old Windows settings). Category Network and Internet, Internet Options, tab Security, choose the Local Intranet zone; there you have a button Websites. Alternatively, you can also reach it from Internet Explorer: cog icon, then Internet Options – rekna Jul 10 '21 at 08:50
  • If the above solves the problem, I know it is possible to add this for all users using a group policy. How exactly this is done, I don't know; I just ask our ICT department :-) – rekna Jul 10 '21 at 08:56
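
The Control Panel steps described in the answer above can also be scripted. The following is an added example, not part of the original answer or its comments: it reports which security zone Windows assigns to the question's URL and, for an IPv4 address, adds a per-user Local Intranet mapping. The parameter name `$Url` is an assumption, and the script assumes Windows PowerShell 5.1 and that the per-user zone map is not overridden by Group Policy.

```powershell
# Added example (not from the original thread). Assumes Windows PowerShell 5.1.
# $Url is an assumed parameter name; its default is the binding from the question.
param([string]$Url = 'http://192.168.178.41')

$uri      = [Uri]$Url
$zoneMap  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
$intranet = 1   # zone id of "Local intranet"

# Ask Windows which security zone it currently assigns to the URL.
$zone = [System.Security.Policy.Zone]::CreateFromUrl($Url).SecurityZone
"Current zone for ${Url}: $zone"

if ($zone -eq 'Intranet') {
    'Already in the Local Intranet zone; nothing to change.'
}
elseif ($uri.HostNameType -eq 'IPv4') {
    # IPv4 addresses live under ZoneMap\Ranges\RangeN, with the address in
    # a ":Range" string value and one DWORD per scheme holding the zone id.
    $ranges = Join-Path $zoneMap 'Ranges'
    if (-not (Test-Path $ranges)) { New-Item -Path $ranges | Out-Null }

    # Reuse an existing entry for this address, otherwise take the next free RangeN.
    $key = Get-ChildItem $ranges |
        Where-Object { $_.GetValue(':Range') -eq $uri.Host } |
        Select-Object -First 1 -ExpandProperty PSPath
    if (-not $key) {
        $n = 1
        while (Test-Path (Join-Path $ranges "Range$n")) { $n++ }
        $key = (New-Item -Path (Join-Path $ranges "Range$n")).PSPath
        New-ItemProperty -Path $key -Name ':Range' -Value $uri.Host -PropertyType String | Out-Null
    }

    # Map only the scheme in use (http here) instead of "*" to keep the entry narrow.
    New-ItemProperty -Path $key -Name $uri.Scheme -Value $intranet -PropertyType DWord -Force | Out-Null
    "Mapped $($uri.Host) ($($uri.Scheme)) to Local Intranet. Restart the browser and retest."
}
else {
    "Host '$($uri.Host)' is not an IPv4 address; this example only handles the IP case."
}
```

The mapping covers a single address and a single scheme, so automatic logon is extended to that one site rather than to a whole subnet.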
1

Disable "Anonymous authentication" and make sure that "NTLM" is above "Negotiate" as a Windows authentication provider (right-click in IIS on "Windows Authentication").

And since you disabled the "anonymous authentication" provider, there is no need for the <authorization> section in your web.config. Remove it.

Finally test if it works.

jgauffin
  • Thank you very much for your answer. The provider `NTLM` is above `Negotiate`. In addition, I have removed the ``-attribute. Unfortunately, these two hints did not make the login dialog disappear. It is still shown. – Simon Jul 09 '21 at 08:39
1

I think on a development web server, that is, within the localhost environment, it will skip the prompt, but when the application runs through an IIS (production) server, it prompts the user with the dialog; that is pretty normal behavior. When you open a local URL (your local IP), it kicks in the IIS web server (not local), which checks for Windows authentication and issues a prompt.

Please see this

Harkirat singh