I have an asp.net 2.0 application running on IIS 6.0. I am using Integrated Windows Authentication. Some users have two network accounts, a personal account and an administrative account. The problem I am facing is that sometimes when they are logged in on the client side using their personal accounts, the logged in user appears at the server side as the admin account. I am retrieving the logged in user network id using System.Security.Principal.WindowsIdentity.GetCurrent().Name.
I suspect that their admin credentials are being cached somewhere and passed instead.
I had exactly this same problem. The web site was seeing me authenticate as my admin account even though I was logged in as my personal account.
It turns out that in Windows you can associate specific user names and passwords with particular sites. Once that is done, the integrated authentication through IE (and Chrome!) always uses those credentials. And, to make things easy, there is no obvious way to get to those settings through Internet Explorer's settings or options.
To fix your issue on Windows XP:
Click Start, Settings, Control Panel, User Accounts.
Click the Advanced tab.
Click Manage Passwords.
Find the entry in the list the corresponds to the site(s) where you're seeing this behavior. Remove it.
Credit where credit is due: This answer was taken almost word-for-word from an unnamed "Junior Member" at ObjectMix.
For Windows 7, use "Control Panel/Credential Manager" (also available via "Control Panel/User Accounts/Manage Your Credentials"). This lists all cached credentials, and lets you easily delete the ones which are causing problems.
When you use Remote Desktop to connect to a server and save your login credentials, it doesn't only save them for remote desktop, it also uses them for connecting through IE and, apparently, Chrome.
This is an old issue, and still valid. I just found if you save credentials while using mstsc (Remote Desktop), and try to use Integrated Windows Auth against any site that is CNAMEd to that server, it will use the saved credentials. Those will be the ones you need to delete.
My PC is locked down at work and IT have removed Credential Manager from the menu in Control Panel.
I was able to get around this by running cmdkey /list from the command line. In the list of "Currently stored credentials" I located the offending hostname and ran cmdkey /delete:[hostname] (no sq. brackets and replace hostname with your host), which fixed the issue for me.
According to this site, rundll32.exe keymgr.dll, KRShowKeyMgr will bring up the dialog to do this as well.
Some background info: http://windows.microsoft.com/en-gb/windows7/what-is-credential-manager
Related
To set the scene: I work in a highly restricted SOE. I can only sign in as a standard user, but have administrative access through "Run as other user" or "Run as administrator".
When trying to setup GitHub access, VSCode running as administrator opens an authentication window in a browser that then wants to re-open VSCode. The issue is, reopening VSCode in this manner only opens as the standard user, not running as administrator. This happens connected to the internet through the work network, and via hotspot.
I am NOT permitted to sign-in directly as administrator.
My colleague has told me there used to be a way to sign in by copying and pasting a token directly into VSCode, but this appears to no longer be an option.
Is there another way to authenticate GitHub with VSCode, other than the web-based sign-in?
Thanks
I was able to work around this some time ago by getting a Personal Access Token working.
The environment I'm forced to work in made even this difficult, but got there eventually.
I have an application that uses certificates (*.p12) to authenticate users. I want to be able to use it in Microsoft Edge (version 42) and Internet Explorer (version 11), but these browsers give me issues.
Speaking specifically of Edge, I have added the certificates to the certificate store, and they are available for me to login. When I navigate to the website, I get prompted with a window that says "Select a Certificate" (as I expect) and I select the desired user's certificate from the prompts dropdown and click "OK".
This is where the issue occurs. After I select the certificate, the prompt immediately pops back up. The prompt can reappear between 2 and 10 times. It seems to be worse in Internet Explorer. Either way, the re-prompt impacts my ability to do a number of things with the website that I need to do.
Is this a common issue? Is there something that I ought to change in my browser settings in order to prevent it?
Thank you for any help.
I currently test NTLM authentication with Apache 2.4 on a windows machine, locally. All work fine. If i open a demo site http://localhost/authfoo/text.php, the site will load without an authentication dialog in every browser. The test.php script get all required authentication data automatically from the current windows user.
So far so good. Tested with Internet Explorer 11, Chrome, Firefox and it works. Only Microsoft Edge open up an authentication dialog and i must enter credentials. All what i see in this dialog window is that the title show my computername instead of localhost. This indicated that Edge use the computername as internal domain, and that is for sure no intranet domain, like localhost is.
There is something for edge that is a so called LoopbackExempt. With that you can allow localhost to be threaded as an intranet site. This setting also not helped me. https://developer.microsoft.com/en-us/microsoft-edge/platform/faq/#how-can-i-debug-localhost
However, when i manually add http://15031489-nb.cstp.intern/ to intranet sites via settings in Edge, than it work when i use http://15031489-nb.cstp.intern/authfoo/text.php without an authentication dialog. But http://localhost/authfoo/text.php still show that authentication dialog.
Btw, http://localhost is also added to intranet sites, just to make sure everything will be treated as an actual Intranet Site.
So, i have no idea of how i can get this thing to work in Edge also, like every other browser already does, even IE 11 work without flaws.
I've been searching this problem for a while and found this answer from the microsoft developer community:
Microsoft Edge doesn't allow integrated Windows Auth over loopback as
a security mitigation to prevent breaking the browser sandbox. The
only workaround offered by the team is to use the FQDN while
debugging.
(Source)
So you will have to use the FQDN instead of http://localhost/, which is http://15031489-nb.cstp.intern/ in your case. I don't believe that Microsoft will ever fix this issue in Edge, as it is intended behaviour.
In my application, it allows users to remotely connect computers and folders within the internal network for troubleshooting, etc.
My problem is that some of these computers that they are trying to connect to haven't yet been authenticated for them, so when I plug the UNC path into a new process for explorer, it doesn't error but simply returns some random local folder (My Documents I think).
My question is... Is there a way I can make a call to the windows authentication dialog to allow the user to authenticate against the remote PC? If the user simply enters the same address into a normal explorer window, the authentication screen will appear, however, using my app it doesn't.
Is there anyway I can force this to show up for the user?
Any help appreciated, thanks.
Based on this discussion:
Prompting for network credentials in VB.NET
You can have a look at CredUIPromptForCredentials API, in vb.net, just P/Invoke it. For more information:
http://www.pinvoke.net/default.aspx/credui/CredUIConfirmCredentials.html
http://msdn.microsoft.com/en-us/library/aa375177(VS.85).aspx
I am trying to config a sharepoint 2010 site for anonymous access. The tutorials I am following are:
http://live.visitmix.com/Videos
http://blog.drisgill.com/2009/11/sp2010-branding-tip-9-turn-on-anonymous.html
http://www.topsharepoint.com/enable-anonymous-access-in-sharepoint-2010
And a few youtube videos.
I am stuck fast in a certain point. When I am told in Central Admin to click "Site Actions > Site Settings > Application Management > Manage Applications > SharePoint - 80" I do this. My next step is to click "Authentication Providers".
In my system this option is 'Greyed out' and not selectable. I also try to click "Anonymous Policy". The options in this section are also not selectable.
Is there further config needed? Can anyone suggest a possible solution? or link an article with the solution? The mix videos leave this config out.
Thanks in advance
Here is the solution:
I went a different way and basically opened every option related to security / perms / anon.
I ended up from central administration clicking "Security > Specify Authentication Provider > Default"
I was then able to allow anon access. The correct options have appeared to the site collection administrator.
In case you're using Windows 8 ensure that the browser you're using for the update is running in admin mode.
Otherwise just open another instance by "Run as administrator".
Good luck!
Try using Internet Explorer.
I had the same problem when using Firefox 3.6.8, but not in IE 8.
Also don't forget to open Internet Explorer with elevated administrator privileges.
I logged on as the local administrator on the box and the button was enabled, but when I tried to save, it error'ed out.
I created a new web application, and successfully made it anon, and was then able to make the original one anon too - no more error.
The quickest thing to verify: when opening up Central Administration in IE, ensure that you run it 'as administrator'
If you do, then no items like the authentication provider options on the ribbon will be disabled.