Last post May 11, 2010 08:54 AM by shinus
May 04, 2010 01:26 PM|shinus|LINK
My application is using Windows authentication. I have set authentication type to Windows and Impersonation to true. When i access the site locally it is working fine. But when i access the site from a different machine in the same network i am getting a
pop up window asking me to enter the credentials. Even if i enter my domain username and password it is not accepting and will keep coming up.
Thanks in Advance!!
May 04, 2010 02:34 PM|SatyaV|LINK
This is typically because you are running the application pool in the remote machine under a user other than NETWORK_SERVICE. In that case, you have to setup new SPNs (service principal names) for the host server in Active Directory with that user, so that
the kerberos can work correctly.
Please read up on this, because there are implications to other websites running on that server, if you setup new SPNs.
May 05, 2010 03:43 AM|shinus|LINK
When i accessed the site using IP instead of machine name in the URL, the pop up came only once. After that it worked fine.As you said the applicaiton pool is runing not under network service.
what would be the issue?
May 06, 2010 01:49 AM|SatyaV|LINK
Do you have multiple ip's on the machine / multiple A-records in the DNS for that server ? I am guessing the authentication is falling back to NTLM, but that your popup works only when using the ip is a little confusing ...
May 06, 2010 05:32 AM|Jerry Weng - MSFT|LINK
But when i access the site from a different machine in the same network
Set the username and password which we impersonate.
<identity impersonate="true" userName="DomainName\UserName" password="password"/>
Follow this document to secure the section.
May 06, 2010 06:27 AM|shinus|LINK
The issue is resolved when i chaged the account under which the application pool runs, to Network Service. Now it is working fine.
Another issue i am facing is that if the user does not have access to a particular page and he tries to access that page, pop up window will appear, instead of redirecting directly to the error page. Do you have any idea how to suppress this window on authorization
May 06, 2010 08:06 AM|Jerry Weng - MSFT|LINK
instead of redirecting directly to the error page. Do you have any idea how to suppress this window on authorization failed?
As I know, it seems hard to do cancel the login window from server side. It's a windows function to authenticate user.
Is there any trouble to rediret to the error page?
May 11, 2010 08:54 AM|shinus|LINK
There is no trouble in redirecting the page. only issue is pop up window on authorization failed.
On the error, pop up window will appear and if the use canceled, it will be redirected to error page.
If the user enters username and password, it will again appear.