I have an asp.net 2.0 application running on IIS 6.0. I am using Integrated Windows Authentication. Some users have two network accounts, a personal account and an administrative account. The problem I am facing is that sometimes when they are logged in on the client side using their personal accounts, the logged in user appears at the server side as the admin account. I am retrieving the logged in user network id using System.Security.Principal.WindowsIdentity.GetCurrent().Name. I suspect that their admin credentials are being cached somewhere and passed instead.
Integrated Windows authentication enables users to log in with their Windows credentials, using Kerberos or NTLM. The client sends credentials in the Authorization header. Windows authentication is best suited for an intranet environment. For more information, see Windows Authentication.
Enable Integrated Windows Authentication isn't checked in the properties of IE. This located under Internet Options -> Advanced -> Security.
Windows authentication with SSO works the same way as Windows Authentication managed by IIS with respect to security zones. However, there are some differences. The SSO server will authenticate the user once.
For Windows 7, use "Control Panel/Credential Manager" (also available via "Control Panel/User Accounts/Manage Your Credentials"). This lists all cached credentials, and lets you easily delete the ones which are causing problems.
This is an old issue, and still valid. I just found if you save credentials while using mstsc (Remote Desktop), and try to use Integrated Windows Auth against any site that is CNAMEd to that server, it will use the saved credentials. Those will be the ones you need to delete.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With