Really need help with this and tried lots of things and run out of ideas. I have a site hosted on an internal development server, accessible for staff internally. the server setup is windows 2008 R2, iis 7.5 sql 2008 express. Im authenticating using active directory. in Chrome the site loads, and automatically logs me in recognising my name. When viewing the site in IE7 the response is: "401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied." I have tried the following: <ul> <li>in iis set only windows authentication to enabled (the rest disabled)</li> <li>Moved NTLM to the top of the providers list</li> <li>given full control to the web directory to Everyone/IUSR/Network Service/DeafultAppPool ...list goes on.</li> <li>checked ie settings (enable integrated windows authentication is checked)</li> <li>user authentication in IE7 is set to "automatic logon only in intranet zone".</li> <li>set the following in web.config: <ul> <li><code><anonymousIdentification enabled="false" /></code></li> <li><code><authentication mode="Windows" /></code></li> <li><code><identity impersonate="false" /></code></li> </ul> </li> <li>Executed: <code>cscript adsutil.vbs set w3svc/NTAuthenticationProviders "NTLM"</code> </li> </ul> im convinced its not a browser setting as im authenticated against AD when i access the intranet in IE7. what is wrong? how can i fix it? Many thanks

From the technet article, http://technet.microsoft.com/en-us/library/cc754628(v=ws.10).aspx : <blockquote> The default setting for Windows authentication is Negotiate. This setting means that the client can select the appropriate security support provider. To force NTLM authentication, you must change the value of the element under the element in the ApplicationHost.config file. </blockquote> IE is using Kerberos and not falling back on NTLM like Chrome and Firefox. You must force NTLM authentication in IIS7.5 by following these steps: <ol> <li>Select your site.</li> <li>Double click authentication.</li> <li>Select "Windows Authentication" (ensuring that it is enabled).</li> <li>Click "Providers..." in the right hand column.</li> <li>Select NTLM and click "Move Up".</li> </ol> <img src="https://i.stack.imgur.com/5vtUr.png" alt="enter image description here">

windows authentication not working in ie7

Tags:

active-directory

iis-7.5

internet-explorer-7

windows-authentication

Really need help with this and tried lots of things and run out of ideas.

I have a site hosted on an internal development server, accessible for staff internally.

the server setup is windows 2008 R2, iis 7.5 sql 2008 express. Im authenticating using active directory.

in Chrome the site loads, and automatically logs me in recognising my name.

When viewing the site in IE7 the response is: "401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied."

I have tried the following:

in iis set only windows authentication to enabled (the rest disabled)
Moved NTLM to the top of the providers list
given full control to the web directory to Everyone/IUSR/Network Service/DeafultAppPool ...list goes on.
checked ie settings (enable integrated windows authentication is checked)
user authentication in IE7 is set to "automatic logon only in intranet zone".
set the following in web.config:
- <anonymousIdentification enabled="false" />
- <authentication mode="Windows" />
- <identity impersonate="false" />
Executed: cscript adsutil.vbs set w3svc/NTAuthenticationProviders "NTLM"

im convinced its not a browser setting as im authenticated against AD when i access the intranet in IE7.

what is wrong? how can i fix it?

Many thanks

211

asked Sep 07 '11 16:09

raklos

1 Answers

From the technet article, http://technet.microsoft.com/en-us/library/cc754628(v=ws.10).aspx :

The default setting for Windows authentication is Negotiate. This setting means that the client can select the appropriate security support provider. To force NTLM authentication, you must change the value of the element under the element in the ApplicationHost.config file.

IE is using Kerberos and not falling back on NTLM like Chrome and Firefox. You must force NTLM authentication in IIS7.5 by following these steps:

Select your site.
Double click authentication.
Select "Windows Authentication" (ensuring that it is enabled).
Click "Providers..." in the right hand column.
Select NTLM and click "Move Up".

enter image description here

answered Sep 18 '22 13:09

Seth

Related questions
                            
                                How do I get the AD Display Name of the currently logged in user
                            
                                Using spring embedded ldap to simulate active directory for integration tests
                            
                                How to fake Active Directory?
                            
                                Can you calculate the password hash used by Active Directory?
                            
                                How to setup a Active Directory environment test?
                            
                                LdapConnection Vs DirectoryEntry
                            
                                Enable autologin into flask app using active directory
                            
                                Public Active directory for testing
                            
                                Dns.GetHostEntry error conditions and resolution methods
                            
                                Rails 3 & devise_ldap_authenticatable: Authorization against Active Directory?
                            
                                Server is unwilling to process the request - Active Directory - Add User via C#
                            
                                ASP.NET 5 / MVC 6 On-Premises Active Directory
                            
                                passwordless ssh authentication using active directory
                            
                                How to register System.DirectoryServices for use in SQL CLR User Functions?
                            
                                GetAuthorizationGroups() is throwing exception
                            
                                While trying to retrieve the authorization groups, an error (5) occurred
                            
                                Using LDAP for authentication in iOS
                            
                                What does "active directory integration" mean in your .NET app?
                            
                                Enumerate all users in LDAP with PHP

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With