locked
IIS Impersonate prompting for password first time RRS feed

  • Question

  • User91228176 posted

    We have a asp.net IIS Web App setup and impersonating is working, but it is prompting the user for a user/password the first time.  Is there a way to set it up so it doesn't prompt for user password the fist time?

    Setup:

    --------------------

    IIS Authentication:

    Basic Enabled

    asp.net Impersonation Enabled

    Anonymous Disabled

    Forms Distabled

    Windows Disable

    -------------------

    Application Pool: Set to run as an AD Account:

    The AD Account has 

    SPN:  http/servername

    Delegation enabled and trust is set for the SQLServers.

    AD Account has permissions to the Application Folder

    Users have access to the Webfolders. 

    web.config

        <authentication mode="Windows" />        <identity impersonate="true" />

      <system.webServer>     <directoryBrowse enabled="false" />     <security>         <authentication>             <!--<anonymousAuthentication enabled="false" />-->           <windowsAuthentication enabled="true">                     <providers>                         <clear />                         <add value="NTLM" />                         <add value="Negotiate" />                     </providers>                 </windowsAuthentication>         </authentication>     </security>


    DEM

    Monday, October 3, 2016 11:34 AM

Answers

All replies

  • User690216013 posted

    Prompts at browsers are controlled by browser side settings, such as

    https://support.microsoft.com/en-us/kb/258063

    There is nothing you can do on IIS side.

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Tuesday, October 4, 2016 12:51 AM
  • User-460007017 posted

    Hi molondy_UCH,

    IIS allow two kind of authentication through impersonate. The first one is anonymous account like IUSR or IIS_IUSRS.

    The second type is use windows authentication.

    If you need to remove the prompt, you could try to edit windows account in

    <identity impersonate="true" userName="Account" password="Password"/>.

    It could be a static account for impersonate with all user. However, it could be an unsafety method.

    Best Regards,

    Yuk Ding

    Tuesday, October 4, 2016 8:52 AM