Firefox Asks For Username/password On Every HTTP Request With Digest Authentication Enabled On IIS6
Nov 12, 2010
I've recently enabled Digest Authentication on an intranet website/application I am creating for my company in ASP.NET.
The reason I have done so is because Windows Authentication seemed to only work for some users, and not for others. I could not figure out why nor do I know enough about IIS to try and trace the issue. After some trial and error, I found that digest authentication seemed to give me the behaviour that I wanted. That is: allow only users with a valid account on the domain to log in to the website with their credentials.
The problem now, is that Firefox (3+) seems to ask for the user to authenticate on every HTTP request sent to the server. This does not appear to occur in Internet Explorer (6+) or Chrome.
I've tried searching for solutions but I always arrive at dead-ends. I'll find a discussion about the issue, and every posted solution leads to a dead link...or it's on Experts Exchange and I don't have access to view to solution.
The issue appears to be related (from what I've read) to the way the different browsers send their authentication headers vs how IIS interprets them. I'm not sure what I can do to change this though? One of the solutions I had found mentioned writing an ISAPI filter to fix this, but of course the link to the finished filter was broken and I have no idea how to go about making one myself.
I've tried messing with the NTLM and other auth related strings in about:config to try and force Firefox to trust my server but that doesn't seem to work either.
From a few other sources I've read, it appears that everything should work if I switch back to Windows Authentication, but then I'm back at square one where the authentication would work only for some users and not others.
A solution for either problem would work for me, but I have very little information for the Windows Authentication issue. If someone could guide me through tracing the problem I'd gladly post more information for it as well.
[URL]
View 1 Replies
Similar Messages:
Nov 4, 2010
I am running on windows XP IIS 5.1
When I try to go into localhost in IE it works fine but in Firefox it asks me to enter user name and password.
In my IIS configuration I have ticked to use Anonymoous access under Authentication.
View 3 Replies
Sep 16, 2010
Foe getting Logon computer username i m using digest authntication mode. But when i browse website it's asking for username and password. while already windows login with the same username.
I understood that in this auhtntication mode it's required. But r there any configuration with it i am not getting this Prompt ? Any group ploicy ??
For IE i have added website into trusted zone but still it's asking for username and password.
R there any other way i getting Computer logon name in asp.net application. There are But only work when i run from Editor from IIS it's not retuning value.
View 2 Replies
Apr 20, 2010
I am connecting to remote server for web service using ASP.NET 3.5 web site. something like, [URL]. Remote server is providing digest authentication to access the web service. I dont have access to modify authentication on the remote server but I have an windows account on that server. If I try to Access service WSDL through programming I get the following error:
The request failed with HTTP status 401: Unauthorized. Same web service if I try to access through browser, [URL], it asks for user name and password. Entered windows account user name and password, still getting error: You are not authorized to view this page, HTTP Error 401.1 - Unauthorized. How to pass the digest authentication credentials to the web service through visual studio or any other programmatic method?
View 1 Replies
Oct 25, 2010
I am kinda new to WCF and the setting up of service and have 2 questions. My first question I have a service that will be accessed via https on a web server. However locally on my local IIS7, it will be accessed via http as https is not available. How can I set up a service to be accessed by both?
My second question is regarding how I can set up a service that requires a username and password to be accessed. The service that I have in place I dont want methods within it to be accessed unless the calling application has the rights to do so?
Here is an example of the relevant area of my web.config file.
<system.serviceModel>
<bindings>
<webHttpBinding>
<!-- standard AJAX binding that supports SSL -->
<binding name="TransportSecurity">
<security mode="Transport" />
[Code].....
In this config, the service is set up for http only and not username/password applied to it.
View 1 Replies
Oct 16, 2010
Over the past two weeks or so, I've been getting feedback from users on my site that a popup box is interferring with their use of my search page. From the research I've done, it appears only Firefox users are having this problem. I haven't changed my site, so I can't figure out why this is happening. Has anyone successfully corrected this problem. It's costing me traffic, so I have to figure this out. My site is based on the classified starterkit.
View 4 Replies
Jan 12, 2011
I have a service (WCF) with which my ASP.NET page will communicate. The WCF service has hashed passwords in its data store (a file actually). The WCF service requires the username and the hashed password on every call. Nowm the problem I'm encountering is that if I authenticate the user with forms authentication in ASP.NET, a cookie will be saved in the user's computer after the user is authenticated but I would like to save the username and hashed password too so that the user may able to use the WCF service. Where should this information should be saved so that it is safe and secure? Should I use session variables? If I choose that option that, then should I switch from forms-based authentication and manually authenticate using session variables or use both forms-based autentication for web page access and store the username and hashed password in a session variable? What are the pros and cons of each?
View 2 Replies
Jul 29, 2010
I'm writing an ASP.Net MVC intranet application which is accessed via handhelds and a range of browsers. My users all have AD accounts and have different permission to our SQL database views/procs depending on who they area. The database also uses CURRENT_USER for horizontal partitioning.
Because of the range of devices that need to access the application I can't rely on impersonation/delegation or the trusted subsystem. I want the user to simply input username and password (same as AD) when the above mechanisms fail.
Does anyone know how I can use AD username and password in a connection string to access the database without creating a set of SQL mirror accounts? I can't login with network service or a sql proxy account because the database needs to be user aware.
View 1 Replies
Jan 3, 2011
In the web.config, how do add a connection string by using a window authentication with the username and password? I have tried like this and it keeps ignoring the username and password
<connectionStrings>
<clear/>
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="Integrated Security=SSPI;Initial Catalog=ufiledb;Data Source=MyServer;User Id=user1;Password=xxxxxx" providerName="System.Data.SqlClient"/>
</connectionStrings>
View 2 Replies
Mar 6, 2012
I have the asp.net with authentication set to forms. After deploying new version on server it started to display a UsernName Password dialog box (like in windows authentication) on the login.aspx page.
When user click "cancel" the login.aspx page displays normally and user could log in and continue his work normally.
I don`t know how to get rid of that dialog box? Anonymous login on IIS is enabled, and the anonymous IIS user has access to that file - login.aspx
View 2 Replies
Jun 18, 2010
I have an ASP.NET setup website using Windows authentication. Each time I open IE and try to access the webpage I get a windows authentication screen. Once I have logged in I can see the website fine. My problem is that every time I open a new IE browser I have to re-enter my username and password. I have heard about thew double hop issue, is this what it could be. If so how many ip fix this. Any ideas how i can stop this box showing up each time? I have ticked the "remember my username/password" tick box but still no joy. I am using Windows Server 2003, IIS 6.0 and .NET 4.0.
View 2 Replies
Jan 24, 2011
One our customer complaint about HYH virus storing form authentication user credentials in clear text in his local system. Customer is accessing website through internet explorer. Is any preventing measure we can take in website or Code level?More details on Website1) Hosted in IIS 6.02) Windows Server 2003 Operating System ) Written in ASP & ASP.net combination
View 1 Replies
Apr 29, 2010
I am using ASP.NET Forms Authentication for my application. I have made my Password Format "Clear", so no problems with the password encryption. I need to create a view(in SQL server) to display all Administrators in my System. ie aspnet_Roles.LoweredRoleName='administrator' The fields needed are UserName and Password
View 1 Replies
Nov 18, 2010
We have a link in our site that pin points to sharepoint documents and we are retreiving some documents files (*.doc). Our sharepoint uses IWA (integrated windows authentication) which is prompted if we're trying to access that documents, unfortunately we don't want to prompt that window to authenticate the user. We need is to create a username and password and authenticate it. how can we do that.
Note* we have 2 server one for our application and the other one is for sharepoint.
View 3 Replies
Mar 5, 2010
i searched on google for a simple explanation of digest authentication but didn't find any good ones. How does it differ from Basic Authentication other than sending credentials as plain text?
give an example of the transaction.
View 2 Replies
Feb 24, 2011
I am getting following error in the Test which is in the same Box but IIS requires Https to view the Page. I have change Web.Config to accept https. I was able to add the Service References without any problem but while call the method I get The HTTP request was forbidden with client authentication scheme 'Anonymous'. this error message. I am trying to use userNameAuthentication.
<bindings>
<wsHttpBinding>
<binding name="Binding1">
[code]...
View 1 Replies
Feb 8, 2010
what would be the user name and password of http://localhost/Reports to access SERVER 2005 Reporting service
View 7 Replies
Oct 15, 2010
I'm using a WCF with windows authentication.
I also use custom binding:
[Code]....
While trying to access the service without specifing the user credentials everything work's ok and the current user(Thread.CurrentPrincipal.Identity.Name) at service is the logged in user.
When I try to set user credentials this way:
[Code]....
The service just ignores them.
When I try it this way:
[Code]....
I'm getting this error: "The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'."
View 1 Replies
Nov 5, 2010
I have a REST WCF service defined as follows:
[ServiceContract]
public interface IRest {
[OperationContract]
[WebGet(UriTemplate = "/test")]
int Test();
}
With the following web.config:
[code]....
EDIT: You can all reproduce this by creating a new WCF Service in VS2008 (new Project > WCF Service Application). Browse to the dummy method ('GetData')... you will notice it returns 400... that's fine because it shows it's still forwarding to WCF. However, if you enable wildcard mapping in IIS6 you will now get a 404, meaning WCF is no longer intercepting the request.
View 2 Replies
Feb 3, 2010
I'm trying to connect to a site using digest authentication but it continuously gives "401 - Unauthorized" even the password is correct. Here's the sample code I'm using:
[Code]....
This is the server header I got:
Server: Apache/2.2.13 (FreeBSD) mod_ssl/2.2.14 OpenSSL/0.9.8e DAV/2 mod_wsgi/2.8 Python/2.5.4 PHP/5.2.12 with Suhosin-Patch
View 1 Replies
Sep 15, 2012
URL...how we can sending formatted email now in my Login.aspx page i have Textbox that when users forget their password they should type their Username on the textbox and after that click on send button.I want when users click on send button their user name that they type in textbox be on the email that send to me .
View 1 Replies
Dec 6, 2010
When I use WatiN to go to a specific web page, how can I fake the HTTP referrer with a query string (i.e. request is from google search with query string q=search_term)? So I can verify that the response header has the 301 redirect for specific referrer URL.
View 2 Replies
Jul 15, 2010
i redirect a page from http to https using http module begin request handler .i am calling webservice using ajax but it is saying webserice not defined .which otherwise works fineits work fine when rediect page in page_load instead .but i need to add function for https to http in every page. i still not know why ajax is not working when i use http module for redirect
View 3 Replies
Jul 7, 2010
Disabled buttons look enabled in Firefox and Chrome. I opened the same page in ie, firefox, chrome and this is the output:
"DashBoard" and "Calendar" are disabled
"Agent Info" is enabled.
Here I'm using normal asp buttons with css.What do I do?
View 2 Replies
May 15, 2010
I have a webservice which works 100% fine on my developer machine. Where Web Service is installed on LOCALHOST on my developer machine,Then i went to my servers, I installed webservice on one server and map it with the server where the website is hosted, Then i tried accessing this service using BROWSER from my web server, it worked fine, That means the mapping was done perfect.Then i run my program on web server (website). It worked fine on page1, then on page2, but when i did the same and call same function on page3, It popped me any error of
View 4 Replies
