I have an application that uses certificates (*.p12) to authenticate users. I want to be able to use it in Microsoft Edge (version 42) and Internet Explorer (version 11), but these browsers give me issues.
Speaking specifically of Edge, I have added the certificates to the certificate store, and they are available for me to login. When I navigate to the website, I get prompted with a window that says "Select a Certificate" (as I expect) and I select the desired user's certificate from the prompts dropdown and click "OK".
This is where the issue occurs. After I select the certificate, the prompt immediately pops back up. The prompt can reappear between 2 and 10 times. It seems to be worse in Internet Explorer. Either way, the re-prompt impacts my ability to do a number of things with the website that I need to do.
Is this a common issue? Is there something that I ought to change in my browser settings in order to prevent it?
Thank you for any help.
Related
I currently test NTLM authentication with Apache 2.4 on a windows machine, locally. All work fine. If i open a demo site http://localhost/authfoo/text.php, the site will load without an authentication dialog in every browser. The test.php script get all required authentication data automatically from the current windows user.
So far so good. Tested with Internet Explorer 11, Chrome, Firefox and it works. Only Microsoft Edge open up an authentication dialog and i must enter credentials. All what i see in this dialog window is that the title show my computername instead of localhost. This indicated that Edge use the computername as internal domain, and that is for sure no intranet domain, like localhost is.
There is something for edge that is a so called LoopbackExempt. With that you can allow localhost to be threaded as an intranet site. This setting also not helped me. https://developer.microsoft.com/en-us/microsoft-edge/platform/faq/#how-can-i-debug-localhost
However, when i manually add http://15031489-nb.cstp.intern/ to intranet sites via settings in Edge, than it work when i use http://15031489-nb.cstp.intern/authfoo/text.php without an authentication dialog. But http://localhost/authfoo/text.php still show that authentication dialog.
Btw, http://localhost is also added to intranet sites, just to make sure everything will be treated as an actual Intranet Site.
So, i have no idea of how i can get this thing to work in Edge also, like every other browser already does, even IE 11 work without flaws.
I've been searching this problem for a while and found this answer from the microsoft developer community:
Microsoft Edge doesn't allow integrated Windows Auth over loopback as
a security mitigation to prevent breaking the browser sandbox. The
only workaround offered by the team is to use the FQDN while
debugging.
(Source)
So you will have to use the FQDN instead of http://localhost/, which is http://15031489-nb.cstp.intern/ in your case. I don't believe that Microsoft will ever fix this issue in Edge, as it is intended behaviour.
I am getting below error when trying to open another https site (with self signed certificate) in IE11.
"Content was blocked because it was not signed by a valid security
certificate. For more information, see “About Certificate Errors” in
Internet Explorer Help."
When using IE9 or IE8, we used to get the same error along with a pop-up message "Show Content" clicking on which will display the content. But IE 11 is not displaying "Show Content" option.
Can you please help in enabling that option for IE11? I researched in SO and lot of other places. The option given was to install the certificate. Is there a way to enable "Show Content" option without going through certificate installation path?
No, you cannot. There is no way to get rid of it without installing the certificate.
I have an internal website in our company that uses HTTPS and the Server's certificate. The thing is since this certificate is self-signed, when anyone browse to that web site it gives a certificate warning. What I did on my PC I opened the site in IE and then clicked on the certificate error in the address bar and on the general tab clicked on Install certificate, selected Local Machine as the store location and placed it on the Trusted root certification authorities. Using a MMC I also verified that this certificate is installed successfully. But the issue is that the certificate warning is still there!
I was facing the same problem as you before, and i think it is impossible to remove properly the warning even if you use firefox, chrome or you own web browser based on Internet Explorer libs, your company must bye a certificate from companies like verisign. The only way i found to remove the warning message using IE is to trap the window wich warn you using WINAPI (getting window handle by the window title of the warning popup then find the handle of "OK" button and send a message to simulate a press on it)..
You can try adding this to trusted sites in IE. If you have group policy access it can be set for users also.
Open IE
Click Tools and select Internet Options
Click the Security Tab
Select Trusted Sites icon and set the Security level to Medium Low.
Add the site to Trusted Sites by clicking sites button.
Close all the Windows. Then open the browser.
See if that will work for you.
I upgraded to Windows 8 RTM a few weeks ago and yesterday I attempted to create a Windows Store account using my bizspark token. I get the message: "We don't recognize the computer you're using".
This is the same computer I've been using.. As I understand it I was supposed to get an email to confirm this as a new trusted computer when I upgraded. I never did. I have valid emails accounts and a phone number associated with my windows Live account.
In trying to figure it out I "deleted" the listed trusted computers, so that will happen in 30 days but if I click the Cancel the deletion I am taken to a screen that says:
"Use your existing security info to help us make sure this is you. How can we contact you? ", with the only option available being "Use my trusted PC".
I saw somewhere in some forum that Windows Essentials is supposed to help, I downloaded it and ran wlstartup.exe and if I remember correctly I had the option to make this a trusted PC. It made no difference, I'm still not trusted . If I rerun wlstartup it just gives me a dialog that says "Connect your favorite Services" with a Linked In logo. I tried it with no other apps running and logged out of Live and messenger. The file version of wlstartup is: 16.4.3503.728
I've tried devices.live.com , click the "add this computer" link and it takes me to the Essentials download page, which, as mentioned, I've already downloaded and ran.
So basically, I need to make my computer trusted ( again ) so I can get a Windows Store account, and have no idea how.
Anyone else have this problem?
Thansk,
Craig
Did you maybe reinstall windows 8. You need to trust the new PC from the old install, which is impossible, so frustratingly you have to wait 30 days before you can delete the old install and add the new trusted PC.
http://www.windowsitpro.com/article/security/windows-live-trusted-computer-143668
I have an asp.net 2.0 application running on IIS 6.0. I am using Integrated Windows Authentication. Some users have two network accounts, a personal account and an administrative account. The problem I am facing is that sometimes when they are logged in on the client side using their personal accounts, the logged in user appears at the server side as the admin account. I am retrieving the logged in user network id using System.Security.Principal.WindowsIdentity.GetCurrent().Name.
I suspect that their admin credentials are being cached somewhere and passed instead.
I had exactly this same problem. The web site was seeing me authenticate as my admin account even though I was logged in as my personal account.
It turns out that in Windows you can associate specific user names and passwords with particular sites. Once that is done, the integrated authentication through IE (and Chrome!) always uses those credentials. And, to make things easy, there is no obvious way to get to those settings through Internet Explorer's settings or options.
To fix your issue on Windows XP:
Click Start, Settings, Control Panel, User Accounts.
Click the Advanced tab.
Click Manage Passwords.
Find the entry in the list the corresponds to the site(s) where you're seeing this behavior. Remove it.
Credit where credit is due: This answer was taken almost word-for-word from an unnamed "Junior Member" at ObjectMix.
For Windows 7, use "Control Panel/Credential Manager" (also available via "Control Panel/User Accounts/Manage Your Credentials"). This lists all cached credentials, and lets you easily delete the ones which are causing problems.
When you use Remote Desktop to connect to a server and save your login credentials, it doesn't only save them for remote desktop, it also uses them for connecting through IE and, apparently, Chrome.
This is an old issue, and still valid. I just found if you save credentials while using mstsc (Remote Desktop), and try to use Integrated Windows Auth against any site that is CNAMEd to that server, it will use the saved credentials. Those will be the ones you need to delete.
My PC is locked down at work and IT have removed Credential Manager from the menu in Control Panel.
I was able to get around this by running cmdkey /list from the command line. In the list of "Currently stored credentials" I located the offending hostname and ran cmdkey /delete:[hostname] (no sq. brackets and replace hostname with your host), which fixed the issue for me.
According to this site, rundll32.exe keymgr.dll, KRShowKeyMgr will bring up the dialog to do this as well.
Some background info: http://windows.microsoft.com/en-gb/windows7/what-is-credential-manager