Passing windows authentication between two websites - authentication

I'm working on a website that needs to be authenticated to via windows authentication in iis. To access this website you are required to login using windows authentication on another site.
I want to pass that windows authentication to my website so they do not need to log in. is this possible? and how? Ive looked through impersonation and keroberos but they dont seem to by what I'm looking for. The site also needs to have the correct credentials because the windows user is a parameter to get sql information for each individual user.

Thanks for the reply!, after a few hours of trial and error i found that it is paritally browsers issues and partially authentication issues. In firefox and chrome the authentications persist through, but not in IE. The solution was to change the authentication to windows authentication, then change the provider to Negotiate:kerberos in the authentication Configuration in IIS.

Related

Login page - simple, secure way to implement authentication against active directory?

I'm creating a small web app running on IIS and I need to implement a secure way to handle login authentication against active directory.
Currently, I have it set up with Windows authentication, so when users first go to the website it shows the login prompt from the browser, they login using their AD credentials, and then it allows them into the site.
However, I want to have an actual login page and have these credentials validated against AD instead of Windows Authentication. I've been researching for hours about LDAP but I can't seem to find good documentation/videos on how to set it up to communicate with AD. I've thought about using 3rd party services like Okta but I don't think I need to.
Does anyone have any ideas?

Get corp name from LDAP without having windows authentication

I need to get the corporate name this is the basic thing. But my problem is i need to get them through WEB API. I have tried impersonate set to true in web config enabled Windows authentication also. I can get the details locally when i run postman, but the same when i try to access after deploying in server it shows the following things:
1) Corporate domain name returns empty
2) Access denied (when anonymous is set to disable mode)
I am confused whether this can be done without having a windows authentication prompt box. If yes have i missed something while configuring IIS?
Thanks everyone in advance :)
This is way too late to answer this but SSO is what i need and i have come across Ping Identity.
So using SSO i can get the details of the user who are logged in.
PingIdentity - SSO

Authentification with Windows Auth NTLM

There is a WebAPI hosted in IIS. It is using Windows authentification with NTLM protocol only. If I am trying to reach it with chrome extension which gives me the ability to send REST requests, chrome prompts me for credentials and this is the part I dont understand why? Windows auth is the one that should take my information from my windows login isnt it? It is not forms auth. Of course it happens the first time only, if you are reaching it multiple times it just returns the token, but I guess its just the session things.
I feel that I am missing something and dont have enough knowledge about it so any information would be nice.
Question:
Why windows auth is prompting for credentials when I am trying to authenticate to my WebAPI the first time? Shouldnt it handle this automatically based on my windows login information?
Thank you
Windows authentication means it will validate the username and password of the user available in the directory listing of the hosted server.
And after you enter the credentials once then the browser will manage it further.
If you close that tab and open the url in new tab then also it will not prompt again unless the browser is not closed and reopened.
It is not possible to handle windows login automatically without login prompt box.

Metro app using Enterprise Authentication: why do I still see login prompt

I have an WinJS metro application that I'm using to connect to a remote webservice that same domain. I read up on the app manifest capability (well the little that is present online) and was hoping that I would be able to use the logged in users credentials to access this webservice without requiring them to login.
I'm trying to authenticate to the webservice via a post using a contentType: "application/x-www-form-urlencoded;charset='utf-8'". This application was previously a website that would prompt the user for login credentials in the authentication step using the aforementioned post. In the WinJS metro application I'm effectively using the same code (minor tweaks) to achieve the same result.
Has anyone had experience with Enterprise Authentication in a WinJS metro application and could better explain what types of resources I would/wouldn't have access to. I'm hoping this isn't specific to accessing things like file shares and intranet sites.
I had this exact issue as well. After ensuring the following Capabilities were enabled in the package.appxmanifest:
Enterprise Authentication
Internet (Client)
Private Networks (Client & Server)
I had to still add the URL of our web service to Internet Explorer's list of Intranet Sites. Only then did the prompt go away.

iis7 Challenge-based and login redirect-based authentication cannot be used simultaneously

I have an asp.net web site, earlier version of the application need to run in classic mode, the latest version can run in integrated mode. Generally the application is configured to use Forms Authentication but it can be configured to used Windows Authentication.
There is a business requirement that even when running IIS in Windows Authentication the application should still support forms authentication this is so administrators are forced to login with a username/password. This is handled internally with code that determines whether to log the user in or redirect to login
ISS6 allowed this configuration with no problems and in fact IIS 7 can be configured in this way, except for the fact that it shows an "Alert" message "iis7 Challenge-based and login redirect-based authentication cannot be used simultaneously". This message doesn't appear to be strictly true as the application seems to work as intended, happily supporting IIS as windows auth but the asp.net app thinking its forms auth.
The problem I have is with the "Alert" message, as this will no doubt cause confusion and support calls.
Is there way to provide both windows auth and forms auth and keeps IIS7 UI happy?
There's a well detailed proposal that basically does the following:
Applies Forms authentication everywhere as this is not applicable piecemeal on a site. Then to have a gateway page (login) where the windows authentication takes place. It's not flicking a switch but I'm going to be trying it myself.
I'll report back on how it goes if there's interest.