Last post Nov 30, 2013 05:46 AM by galori
Nov 30, 2010 01:42 PM|devashishbiswas|LINK
My website getting a pop up authentication requiring form (user name and password) every time when anyone hit the website.
. Have tried various browsers, Every where i'm facing the same problem. No plugins installed
Please help me as soon as possible.. Still looking for some information regarding the problem on various forums
Nov 30, 2010 05:32 PM|sachingusain|LINK
You might be using windows authentication and that is what causes authentication required form to pop-up if someone outside the domain is trying to access it.
Dec 03, 2010 08:16 AM|Hua-Jun Li - MSFT|LINK
Hi devashishbiswas ,
As long as it's a domain member on a local network, IIS uses the credentials of the person logged in to the workstation and will not prompt.
If the workstation is not a domain member, or it's a public site behind a firewall/proxy, you'll get a prompt.
The probelm you see is a browser issue, not an IIS one. IE won't pass credentials to a site unless it's in the intranet security zone or the same domain. IP addresses aren't a domain or machine name so IE sees tham as internet zone and won't pass credentials.
To fix this, add the IP address to the intranet zone in IE's security tab.
Please check the following link:
Dec 03, 2010 09:09 AM|ASTPrabhu|LINK
Under directory security tab in IIS
Clikc Edit & Enable Anonymous access option
Dec 03, 2010 09:15 AM|vijaypant|LINK
and disable Basic Authentication too in iis for your website
Oct 31, 2013 10:09 AM|ronnyrunatserver|LINK
can you please eblaborate the below bold part
You might be using windows authentication and that is
what causes authentication required form to pop-up if someone outside the domain is trying to access it.
Thanks in advance
Nov 30, 2013 05:46 AM|galori|LINK
>> @ronnyrunatserver: can you please eblaborate the below bold part You might be using windows authentication and that is what causes authentication required form to pop-up if someone outside the domain is trying to access it.
This is about an Active Directory domain. In the common configuration for a public website, IIS should just be configured to allow anonymous access, and then the domain issue becomes irrelevant.
However if you configure IIS to not allow anonmyous access, then the user is prompted to login.
I don't know if this is still true for the latest IIS and the latest Internet Explorer, but it used to be that if IIS responded with a 401 (requires auth) - IE would automatically provide the logged in Active Directory Domain user's credentials and the user
would automatically be logged in. Other browsers would just respond with an auth dialog, prompting the user for a username and password. This only works in the scenario where a user inside a corprate network accesses IIS with IE and both user and server are
on the same Active Directory domain.
I'm guessing the outside the domain comment refers to any situation where the user is not logged into the same Active Directory Domain, which is going to be the likely case for any public web site.
Disclaimer: Its been many years since I've used these technologies, but sounds like the functionality is still the same.
fact that if IIS is checking the username and password against the same Active Directory domain as the user is logged in to - then the user can be successfully authenticated without any user interaction. If the domains don't match - which would typically
be the case