IIS FTP user authentication won't work - authentication

I have:
Added the ftp-publishing service
Allowed IIS-Authentication in the management service
Created a user under IIS Manager-User
Allowed the user in IIS-Manager-Permissions
Added the user to FTP-Authentication rules for my site
Added the IISAuthentication to the FTP Authentication rules
IIS_IUSERS has full access to the directory
Yet, I get the login prompt but it won't take my login credentials.
Any ideas?

Related

Authentication with Active Directory by IIS

My site is hosted on IIS but behind a reverse proxy (nginx). Hence Windows Authentication is not working (nginx does not support it in its default configuration). So I want IIS to use Active Directory to check user credentials. But how do I do this? I suppose I should use a cookie, but I can't find how to force IIS to find the user in the Active Directory database.
I would appreciate any help.
UPD:
I don't want to use Windows Authentication. I only want IIS to find the user in Active Directory when the user sends credentials via a simple POST request from the login page.
It looks like there is no integrated solution and I should simply write it myself.

IdentityServer4 - Login via ADFS without logon prompt appearing

With the use of IdentityServer4 and the OIDC protocol, I've managed to get my SPA and my .net core web api authenticating against a sql server user store, as well as ADFS which is great. However, when the user first clicks the 'Continue with ADFS' button, the login prompt is shown asking the user for their credentials. My understanding was that with the use of openId connect and IdentityServer, we could add external identity providers such as ADFS to our IdentityServer application and if ADFS is chosen for login with the user already logged in to ADFS via their local machine, then the authentication would happen seamlessly without the need to input windows user credentials again. There are other steps in order to achieve this of course, like linking the ADFS UserId with our SQL Database User Id table, but overall my understanding was that this would be entirely possible.
After a user logs out from an ADFS login, the next time the user chooses to log back in with ADFS, the 'Challenge' method that is run within my IdentityServer application to initiate the redirect to ADFS often recognises that the user has already logged in recently and therefore just logs them right in without the need for their credentials again.
My question is - is it actually possible to avoid the initial login prompt altogether? Or will the browser insist that credentials are provided if the user hasn't logged into the application for a while?
It certainly is possible but it may involve specific browser config in ADFS and also may require your IDP to be in the intranet zone in Windows Internet settings.
Check out these articles:
https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-intranet-forms-based-authentication-for-devices-that-do-not-support-wia
https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-browser-wia

Apache authentication and ASP

Is it possible to log on a user with Apache authentication and use the same cookies to log the user on to an ASP site?
Here is how the server configuration looks:
Browser > Apache > IIS (running inside a private network)
Currently, when we hit the site, it shows the Apache logon prompt. After the user is authenticated successfully, they land on the login page of an ASP application running on IIS on a separate machine. Here the user has to log in again to get into the ASP application.
What I want to achieve is to have the user log in once through Apache authentication, store the session in a cookie and use the same session to log on to the ASP application.
Thanks for your help.

Always error authenticating through ADFS 2.0

I've managed to set up two virtual machines on my local Windows 7 laptop. Both of them are Windows Server 2008 R2. One acts as the Active Directory Domain Controller and also as Active Directory Federation Services, and the other as the web app server. This second one is where I've set up my claims-aware ASP.NET MVC web application, and I also plan to set up ThinkTecture Identity Server later as my way to authenticate against custom usernames and passwords outside AD.
I've successfully implemented the installation and configuration needed for connecting our ASP.NET MVC apps through ADFS. They include:
Configure first server as Domain Controller and add domain account store (add user as testing -> this user belongs to Domain Users Group).
Configure first server also as active directory federation services.
Configure relying party trust identifier from federation metadata generated from FedUtil.exe in second server.
Configure group claim mapping and assign Domain Users to this group.
Configure web apps server to be claims aware agent.
The one thing that's always troubled me is that every time I access my apps, it successfully prompts with the login dialog box. Once I enter my AD account and password, it always gives me the following error message: "There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and provide the reference number to identify the problem.
Reference number: c558ed55-b203-42cc-b6bd-3d66bddb96cd".
Any ideas from you guys on how to get this to work? Any suggestions and ideas will be highly appreciated.
Have you looked in the event log?
Open Event Viewer > Go to Applications and Services Logs > AD FS 2.0
You'll see a list of errors which should give you some more guidance.
If you see the ADFS login screen, you can get to ADFS so I suspect it's something to do with your RP configuration.
Just to check - you are using ADFS 2.0 which you downloaded?
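
The event-log check suggested in the answer above can also be scripted. This is an added example, not part of the original post: it assumes the Admin channel under the Event Viewer path given above is named "AD FS 2.0/Admin" and that the reference number on the error page is recorded as the event's correlation ActivityId. The function name Get-AdfsEventsByReference is hypothetical.

```powershell
# Added example: find the AD FS events behind one error-page reference number.
# Assumptions: log channel name and ActivityId correlation, as stated in the lead-in.
function Get-AdfsEventsByReference {
    param(
        [Parameter(Mandatory)] [guid]   $ReferenceNumber,
        [string] $LogName   = 'AD FS 2.0/Admin',
        [int]    $MaxEvents = 1000
    )

    # Read the newest events and keep those correlated with the failed request.
    $events = Get-WinEvent -LogName $LogName -MaxEvents $MaxEvents -ErrorAction Stop |
        Where-Object { $_.ActivityId -eq $ReferenceNumber } |
        Sort-Object TimeCreated

    if (-not $events) {
        # Nothing correlated (older event rolled off, or the wrong server was queried):
        # fall back to the latest errors (Level 2) and warnings (Level 3).
        Write-Warning "No events with ActivityId $ReferenceNumber; showing recent errors and warnings."
        $events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; Level = 2, 3 } `
                               -MaxEvents 20 -ErrorAction SilentlyContinue |
            Sort-Object TimeCreated
    }

    $events | Select-Object TimeCreated, Id, LevelDisplayName, Message
}

# Reference number taken from the error message quoted in the question.
Get-AdfsEventsByReference -ReferenceNumber 'c558ed55-b203-42cc-b6bd-3d66bddb96cd' |
    Format-List
```

Run it in an elevated session on the federation server itself, since the error page is generated there and the relying-party web server does not hold this log.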

How to Work with Mercurial Server Repositories Without Supplying Credentials to Prompts or in .hgrc File

I have a Windows 2008 R2 IIS7 server with Mercurial under HTTPS. I connect to the Mercurial Repositories using TortoiseHG and via the web interface.
If I include my domain credentials in my ".hgrc" file I do not get prompted for domain username and password.
But if I do not have the credentials in the ".hgrc" file, I do get prompted for my domain credentials.
What I want is to set up my Mercurial repositories' security in such a way that I do not have to supply credentials through a basic authentication prompt or by entering them in my personal ".hgrc" file.
The user access should be inferred by being logged into the domain on the computer I am working on.
Authentication setup:
Anonymous Authentication - Disabled
ASP.Net Impersonation - Disabled
Basic Authentication - Enabled
Forms Authentication - Disabled
Windows Authentication - Enabled
On the client side I have my credentials in my personal ".hgrc":
[auth]
tag.prefix = https://MercurialServer
tag.username = Username
tag.password = Password
Answered by Shane Madden in serverfault