13

I am deploying my web application on iis6. I kept receive this "windows security" pop up to enter user name and password.. I have already disabled anonymous user, and checked integrated windows authentication but it just wont "automatically" login.

What should i do?

I have check the security settings-local intranet zone: "login as automatic logon only in Intranet zone". Also my production server is a standalone server, and hence might not hold AD account and credentials.

gparent
  • 3,561
  • 2
  • 23
  • 28
  • What browser are you using? – Oskar Kjellin Apr 27 '12 at 09:35
  • both IE and Firefox wont work.. –  Apr 27 '12 at 09:52
  • you should potentially remove tags for visual studio 2010 and c# and asp.net and add tags for windows-server-2003 and iis6. Potentially move qeustion over to server fault an admin would be much better suited to tackling this question. – Anicho Apr 30 '12 at 14:53

5 Answers5

8

For Internet Explorer, you might have to add the server address to the local intranet zone. IE often has a hard time detecting local intranet servers on its own, so you might have to manually add your site to that list. You can do that manually in IE settings or you can use group policies to manage a list of intranet servers within an AD domain. You can view the zone IE has chosen for your site from the menu File/Properties.

For Firefox, you have to tell FF to forward your network credentials to that site. in about:config you have to add the sites to the settings

network.automatic-ntlm-auth.trusted-uris

and

network.negotiate-auth.trusted-uris

.

Dirk Trilsbeek
  • 296
  • 3
  • 6
  • hey because i am not an administrator, i cannt add the site to the zone. it is gray out! yes, i tried doing that on my local development pc and it works. But what should i do at the production server? –  Apr 30 '12 at 02:46
  • Nothing on the server. It's a client-side problem. You need to ask the client administrator to add the server name to the local intranet zone, or change the DNS name of the server so that it matches the settings already in that zone (for eg, if the zone is configured for *.company.com and your server is randonname.differentdns.com , make sure it's accessible via newname.company.com) – TristanK May 02 '12 at 00:28
3

http://support.microsoft.com/?id=258063 All you need to know, let me know how it goes.

I would love to rewrite this lovely article and take credit but that's cheating. I have fallen in the hands of this issue myself but this article was a life saver I keep it in my bookmarks under IIS solutions lol.

Update:

Let's get this straight you have I am presuming a windows server 2003/2003 r2 box or xp machine with IIS6.

Before we dig deeper check the following out make sure you have setup a new site in iis6, pointing to a folder in C:\inetpub\wwwroot\, if not there pointing to C:\MyOwnFolder or C:\Program Files\SomeFolder is fine you will need make sure folders have the following permissions:

Inetpub\wwwroot (or C:\MyOwnFolder) Administrators        Full control 
Inetpub\wwwroot (or C:\MyOwnFolder) System                Full control 
Inetpub\wwwroot (or C:\MyOwnFolder) IIS_WPG               Read, execute 
Inetpub\wwwroot (or C:\MyOwnFolder) IUSR_MachineName      Read, execute 
Inetpub\wwwroot (or C:\MyOwnFolder) ASPNET                Read, execute

Source: http://support.microsoft.com/kb/812614

Now you should look into your IIS settings.

How to un-configure Authentication in IIS

  1. Start IIS Manager or open the IIS snap-in.

  2. Expand Server_name, where Server_name is the name of the server, and then expand Web Sites.

  3. In the console tree, right-click the Web site, virtual directory, or file for which you want to configure authentication, and then click Properties.

  4. Click the Directory Security or File Security tab (as appropriate), and then under Anonymous and access control or Authentication and access control, click Edit.

  5. Click to uncheck all options next to the authentication method or methods that you want are currently checked, and then click OK.

  6. Click to check enable anonymous access

  7. Make sure username is set to MACHINENAME\IUSR_MACHINENAME obviously replacing MACHINENAME with the name of your server/machine.

  8. IUSR is a built in account it should automagically authenticate it's self

Source: http://support.microsoft.com/kb/324274 ( this article is the opposite of what I just showed you to do )

Try all this if does not work I will give some further steps, there are a billion and one things you can check.

Anicho
  • 275
  • 2
  • 5
  • 11
  • sorry, im kinda confuse. becox i had tried so many ways, while my previous project was successful. maybe its because of the server, btw the "Internet Explorer's Intranet zone security setting" part is not working both on the client and server side, and i couldnt add the server address to client's browser becox they got no admin rights. –  Apr 30 '12 at 08:45
  • @HuatsinYeo I have updated my answer. – Anicho Apr 30 '12 at 11:18
0

You should check the files authentication in windows. Ex authenticated users group. There are two authentication that you need to take care of. IIS authentication and the file system access.

0

Before the application pool credentials kick in, the IUSR_computername account is used to load the configuration for the website. Make sure IUSR_computername account (also known as aspnet account) has read access to the folder where that application is deployed.

ILoveStackOverflow
  • 111
  • No, it's not. App pool credentials are the first thing used to boot and read configuration for an App Pool. – TristanK May 02 '12 at 00:26
-1

Well, I am new to Dotnet I dont know if the solution that worked for me and the above is the same, but anyways here's what I did.

We were facing issues too in an upload utility and whenever the user clicked on "Upload" button, a pop up window kept popping up for asking for credentials(Which never hapened intially) and ultimately led to "401 invalid credentials" error.

You just have to go to the concerned folder/website in the IISNET manager on the server and right click and check the security. Add the users/ groups that should have access to upload and give them full permission if not present already.

Post this change they should be able to access/ upload the file without any credentials prompt.

Lekshmi
  • 1