1
votes

I setup the iiS 8.5 to using windows authentication and only allow domain user who is member of the local user group to access the site content.

Everything seems working fine, user who is member of the local user group will passed the authentication login screen and access the web content. If not, the user will see the default iis error page which is all good.

The problem is once the web content show up, the login screen keep comes up and ask user name / password again, user have to keep clicking the cancel button to make it disappear and no idea why.

I try many different setting and none of it working. like change order of the authentication provider, only use NLM , add trusted site in internet option etc.

It just drive me crazy, it seems is easy setting built-in iis / windows server, why is so difficult to make it working as expected.

Any idea and help will be highly appreciated!

Environment

  1. iis 8.5 on Windows Server 2012 R2
  2. Windows authentication installed
  3. Running on SSL
2
I don't think you can set up paragraph 1. So please do share your configuration to show how it is possible. - Lex Li

2 Answers

0
votes

Try to put the extended protection to "Accept" in Windows Authentication advanced settings.

To to that: Access IIS Manager Click on the website you're trying to configure Click in Authentication Then, click in Windows Authentication In the right side, click in Advanced Settings in the Extended Protection, select "Accept".

I solved this here using this configuration.

Here follows a good IIS configuration guide: https://docs.microsoft.com/en-us/iis/configuration/system.webServer/security/authentication/windowsAuthentication/

Hope it helps!

0
votes

I was facing same problem, while working with angular single page application back end .Net Core. Solved by using following steps.

  • Anonymous Authentication= Disabled

  • Basic Authentication= Disabled

  • Window Authentication= Enabled

    enter image description here

Window Authentication with Advanced Settings used following settings

  • Set Extended Protection = Required
  • Set Enabled Kernel-mode authentication = Checked

In Providers set NTLM Up and Negotiate down.

enter image description here