Windows authentication for Mac browsers

Question

I am encountering the following issue when trying to configure an intranet ASP.NET site in IIS 8.5 for Windows authentication. I have the IIS Windows authentication provider settings set to:

• Negotiate
• NTLM

This works great for Windows-based browsers - users are logged in seamlessly. Mac-based browsers don't seem to support the Negotiate protocol; when accessing my site you are prompted for your domain credentials. Even when responding with correct credentials, the browser responds to the authentication challenge with "NTLM xxxxxxx...". IIS doesn't like this and always responds with a 401. This sends the browser into an authentication loop where you are prompted for your credentials endlessly. If you click "Cancel" (depending on which browser you are in), you will finally get a 401 response (not very useful).

If I modify the settings and remove the "Negotiate" provider, I am still prompted when accessing the site from a Mac browser, but this time the NTLM challenge succeeds and I can authenticate. The problem with this is I am now getting an authentication prompt from Windows browsers as well.

Is there a way to get around this (do I have Windows authentication misconfigured)? I am fine with having to answer a credential prompt from the Mac but as the vast majority of my users will be accessing from Windows, I would prefer they still get the "invisible" log on experience.

Answer 1

If I'm understanding your question correctly; Safari/Apple doesn't support Windows Authentication. Basic Authentication needs to be enabled within IIS in order for Safari to login.