ASP.NET Windows authentication not working

Question

User1064403333 posted

In 2013, I built an ASP.NET Webforms intranet application with Windows authentication and everything worked fine.

FYI, back then, I was running Windows Server 2008. Now, I am running Windows Server 2019 which contains the domain user account.

Today, I cannot get it to work properly on my dev machine - not even a new simple dummy test site.

On my development PC, I am running Windows 10 Pro with the full IIS on it - I believe it is IIS 10.

So what's the problem?

On my development PC, when I launch default.aspx I get a login prompt dialog box rather than a seamless recognition of the user account (and I should not get a dialog box).

I get the same issue with:

1. Microsoft Internet Explorer v11
2. Microsoft Edge
3. Microsoft Edge Chromium

On IIS for the dummy test site, under Authentication I have:

Anonymous Disabled
ASP.NET Impersonation Enabled
Windows Authentication Enabled

On the ASP.NET Webforms site, in web.config at the root of the site I have:

<system.web>
    <compilation targetFramework="4.5" debug="true">
      <assemblies>
        <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
        <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
        <add assembly="System.DirectoryServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
      </assemblies>
    </compilation>
    <httpRuntime targetFramework="4.5" />

    <authentication mode="Windows" />
    <identity impersonate="true" userName="DOMAINNAME\AdminUser" password="pass" />

  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
</system.webServer>

I have tried changing the targetFramework to 4.8 on the ASP.NET Webforms site but no difference.

I also tried binding a dedicated SSL certificate in case the authentication protocols between client and server has changed between IIS 7 and IIS 10 and Windows 2008 and Windows 2019

Any ideas? Thanks.

Answer 1

User-1330468790 posted

Hi John,

 

First of all, the windows login prompt dialog is an internet setting and the default setting is "Automatic logon only in Intranet zone". Please make sure that your development PC is in the intranet zone.

 

You could check the setting following the below steps (Use IE as an example, you could directly open the internet option via Control Panel -> Internet option):

• Open the Internet Explorer and click the settings icon, and then select the ‘Internet Options’.

    

• Select the ‘Security’ tab in the pop-up window.

    

• Choose the “Custom level"

    

• Prompt Settings: from your requirement, default one should be working.

    

PS: Chrome follows the same internet settings that has been set to the Internet Explorer

 

In short, the login prompt is a by-design behavior and when it will be pop up is depending on your internet settings.

 

Hope this can help you.

Best regards,

Sean

Answer 2

User1064403333 posted

Hi Sean

Thank you very much for the detailed response.

Please make sure that your development PC is in the intranet zone.

I assume you mean "make sure that your site is in the intranet zone." on the development PC.

I have checked the settings as you helpfully suggested and they are indeed the default settings. "Automatically logon only in Intranet zone"

I added the site to the Local Intranet Zone but there is no difference in behavior.

I have created 4 basic new test sites and none work as expected

I still get the Login Prompt Dialog box

Answer 3

User753101303 posted

Hi,

See https://support.microsoft.com/en-us/help/258063/internet-explorer-may-prompt-you-for-a-password for a checklist of needed conditions. In particular check NTFS permissions (including for the impersonated account).

Not directly related but do you really need ASP.NET impersonation? I rather configure the application pool to run with my custom identity (and then you should be able to set validateIntegratedModeConfiguration to true).