I currently test NTLM authentication with Apache 2.4 on a windows machine, locally. All work fine. If i open a demo site http://localhost/authfoo/text.php, the site will load without an authentication dialog in every browser. The test.php script get all required authentication data automatically from the current windows user.
So far so good. Tested with Internet Explorer 11, Chrome, Firefox and it works. Only Microsoft Edge open up an authentication dialog and i must enter credentials. All what i see in this dialog window is that the title show my computername instead of localhost. This indicated that Edge use the computername as internal domain, and that is for sure no intranet domain, like localhost is.
There is something for edge that is a so called LoopbackExempt. With that you can allow localhost to be threaded as an intranet site. This setting also not helped me. https://developer.microsoft.com/en-us/microsoft-edge/platform/faq/#how-can-i-debug-localhost
However, when i manually add http://15031489-nb.cstp.intern/ to intranet sites via settings in Edge, than it work when i use http://15031489-nb.cstp.intern/authfoo/text.php without an authentication dialog. But http://localhost/authfoo/text.php still show that authentication dialog.
Btw, http://localhost is also added to intranet sites, just to make sure everything will be treated as an actual Intranet Site.
So, i have no idea of how i can get this thing to work in Edge also, like every other browser already does, even IE 11 work without flaws.
I've been searching this problem for a while and found this answer from the microsoft developer community:
Microsoft Edge doesn't allow integrated Windows Auth over loopback as
a security mitigation to prevent breaking the browser sandbox. The
only workaround offered by the team is to use the FQDN while
debugging.
(Source)
So you will have to use the FQDN instead of http://localhost/, which is http://15031489-nb.cstp.intern/ in your case. I don't believe that Microsoft will ever fix this issue in Edge, as it is intended behaviour.
Related
I am testing(on localhost on Windows 7 64 Bit) the behaviour of my web application when cookies are blocked.
When testing on IE11, it seems you cannot block cookies, even when the IE11 settings show that I have blocked cookies.(I have also tried uninstalling & re-installing IE11, just in case something was broken, but cannot block cookies.)
I have researched and been to the following places but no answers;
Cookies disable doesn't work in Internet Explorer 11 using advance setting
Cookie disabled issue in IE
document.cookie is still accessible on IE11, even though cookies are disabled
https://superuser.com/questions/1000545/internet-explorer-11-cant-disable-localhost-cookies
Or may be I should just forget about Internet Explorer ?
(Thanking the coding community in advance)
I think you are facing the same issue with me. i searched a lot too.
What i figure out is that Cookies setting only impact on websites which contains real domain (ie: examples.com, abc.net,...)
you can change the localhost domain by editing a host file in (C:\Windows\System32\drivers\etc)
Include one line at the end of that text file like below:
127.0.0.1 testweb.net
Now, whenever you type testweb.net, it will return the page as same as the localhost does.
New to IIS8, but previously created sites on an IIS7.5 server without any problems. I've created a site on IIS8 and although the pages are being served to remote computers, when I click 'Browse Website' in IIS, the server itself cannot see the page. Any suggestions? Could it be permission based?
I feel this may be linked to a problem we're having downloading images.
You didn't mention the specifics of "the server itself cannot see the page". However, since you can access the site remotely but not locally, it sounds like it may be anti-loopback checking. Check out http://blogs.msdn.com/b/jiruss/archive/2008/10/21/loopback-security-check-feature-iis-7.aspx and see if it applies in your case.
I would like to test https related application on my local machine before pushing it to staging and production.
If I try to test on local system, the page just showing (in chrome it gets to the "This webpage has a redirect loop" page).
If any information could be provided that would assist me in setting this up / getting it working and testing, I would be extremely grateful . Thanks
This problem can have two angles whether this could be related to your specific browser or with your ColdFusion application:
First and foremost can you check it on Firefox or IE just to isolate if this is specific to Chrome. (As I have seen this to come on Chrome more than often)
if it works on Other Browsers:
probably Chrome is at fault. Go to settings (Options -> Under the Hood -> Content Settings -> Cookies -> Show cookies and other site data)
Enter your problem URL in search bar and it would list all related cookies.
Select "Remove all"
if it FAILS on other browsers as well:
Can you check with perhaps another test application?
Please check with following article by Ben Nadal --
http://www.bennadel.com/blog/1666-Ask-Ben-Enforcing-An-SSL-HTTPS-Connection-Based-On-Request.htm
If this persists, please add some more information, on how this has been set up.
Cheers,
Anjaneai
If I understand your questions you should be able to use a self signed certificate on your local dev box. Once you set this up you should be able to test your site in SSL mode.
Here is one quick tutorial.
http://weblogs.asp.net/scottgu/archive/2007/04/06/tip-trick-enabling-ssl-on-iis7-using-self-signed-certificates.aspx
When I browse the web with IE10 in win8's Metro part there is no problem but when I try to view page that is located on server in my local network(the same subnet) it displays this message:
This page can't be displayed
•Make sure the web address http://192.168.1.100 is correct.
•Look for the page with your search engine.
•Refresh the page in a few minutes.
If following these suggestions didn't work, resetting your connection might help.
Reset connection [<-a button here]
Get more help with connection problems
Now the funny part is that there is an option in metro version of ie10 to open page on desktop (in regular IE10) and than it works with no problem.
I can't find or think of any security setting that would restrict browsing websites inside your own local network.
(this is Windows 8 32Bit Release Preview build 8400)
Any ideas?
This is related to EPM (Enhanced Protected Mode) in IE10. It's hard to summarize in an answer here, but Eric Lawrence (a PM on the IE team) has an excellent post detailing everything about EPM:
http://blogs.msdn.com/b/ieinternals/archive/2012/03/23/understanding-ie10-enhanced-protected-mode-network-security-addons-cookies-metro-desktop.aspx
In particular, read the "Loopback-blocked" and "Private Network resources" sections.
In your case, you might try one of these approaches:
Try aliasing the dotted hostname (http://192.168.1.100) via a custom DNS entry (e.g. http://myservice)
Change the Trusted Zones settings
See if your network connection was established as sharing or non-sharing, which would trigger private vs. public mode.
Again, see Eric's post for the details of each of these.
I have an asp.net 2.0 application running on IIS 6.0. I am using Integrated Windows Authentication. Some users have two network accounts, a personal account and an administrative account. The problem I am facing is that sometimes when they are logged in on the client side using their personal accounts, the logged in user appears at the server side as the admin account. I am retrieving the logged in user network id using System.Security.Principal.WindowsIdentity.GetCurrent().Name.
I suspect that their admin credentials are being cached somewhere and passed instead.
I had exactly this same problem. The web site was seeing me authenticate as my admin account even though I was logged in as my personal account.
It turns out that in Windows you can associate specific user names and passwords with particular sites. Once that is done, the integrated authentication through IE (and Chrome!) always uses those credentials. And, to make things easy, there is no obvious way to get to those settings through Internet Explorer's settings or options.
To fix your issue on Windows XP:
Click Start, Settings, Control Panel, User Accounts.
Click the Advanced tab.
Click Manage Passwords.
Find the entry in the list the corresponds to the site(s) where you're seeing this behavior. Remove it.
Credit where credit is due: This answer was taken almost word-for-word from an unnamed "Junior Member" at ObjectMix.
For Windows 7, use "Control Panel/Credential Manager" (also available via "Control Panel/User Accounts/Manage Your Credentials"). This lists all cached credentials, and lets you easily delete the ones which are causing problems.
When you use Remote Desktop to connect to a server and save your login credentials, it doesn't only save them for remote desktop, it also uses them for connecting through IE and, apparently, Chrome.
This is an old issue, and still valid. I just found if you save credentials while using mstsc (Remote Desktop), and try to use Integrated Windows Auth against any site that is CNAMEd to that server, it will use the saved credentials. Those will be the ones you need to delete.
My PC is locked down at work and IT have removed Credential Manager from the menu in Control Panel.
I was able to get around this by running cmdkey /list from the command line. In the list of "Currently stored credentials" I located the offending hostname and ran cmdkey /delete:[hostname] (no sq. brackets and replace hostname with your host), which fixed the issue for me.
According to this site, rundll32.exe keymgr.dll, KRShowKeyMgr will bring up the dialog to do this as well.
Some background info: http://windows.microsoft.com/en-gb/windows7/what-is-credential-manager