Reputation: 866
IIS Windows Authentication 401 UnAuthorized
I've a sub-application that I want to use windows authentication. I want that login box pops up even in the domain when the person first reaches the page.
When I turn off Kernel-mode authentication, the login box pops up, but fails with error 401 Not Authorized after 3 login attempts. If I turn this on, It doesn't even asks for the password,I believe this is due the computer is in the servers domain and the credentials are passed automatically.
Is there any possibility to show login form for all users, including domain users?
In the image below are my server configs.
Upvotes: 3
Views: 17842
Answers (3)
Reputation: 1
In my case, there are FTP Site with permission for that user (account cannot remote) in IIS Manager Access Permission option. When I remove this permission in IIS Manager Access Permission option for that user, everything working again.
The remote server returned an error: (401)
Unauthorized.
[The remote server returned an error Unauthorized][1] [1]: https://i.sstatic.net/K4plJGyI.png
Upvotes: 0
Reputation: 544
You can use Basic authentication. It will prompt the user for credentials and once entered, it will give you a seamless experience.
However, the disadvantage with basic auth is that it sends the password in plain text to the server. You can use SSL certificate to encrypt this information.
Upvotes: 0
Reputation: 40858
Windows Authentication is normally handled by IIS. This is the way it works:
- Client requests the page.
- IIS returns a HTTP 401 response, with a header saying that it accepts Windows auth.
- The client's browser automatically resends the request with the users credentials (as long as the site is trusted).
- IIS verifies the user and passes the credentials to the application.
This is all designed to be seamless.
If you want the user to be prompted for credentials all the time, then either:
- Make sure your site is not trusted (not in the Internet Options Trusted Sites or Intranet Sites). But you may not be able to do that.
- Don't use Windows authentication. Uses Forms authentication and make a login page where the users can enter their credentials. But that means that you will have to verify the credentials against Windows or Active Directory yourself in your code.
If you use #2, then also make sure to use SSL on your site since passwords will be sent in plain text.
Upvotes: 6
Related Questions
- ASP.NET Windows Authentication Not Working/Not Accepting Credentials
- Windows Authentication not working on local IIS 7.5. Error 401.1
- Issue on Windows Authentication
- IIS asking for windows authentication
- Unable to use Windows Authentication IIS
- Windows Authentication IIS7
- HTTP 401.3 - Access denied on Windows Authentication
- Windows Authentication problem
- ASP.NET, 401 - Unauthorized, Valid account
- Facing problem with ASP.NET hosted in IIS and Windows Authentication