Windows authentication with NTLM issue

Question

I would like to make an IIS (8.5.9600) web service with windows authentication, which provider is NTLM. My problem is that i cannot login to website using my windows domain credentials as i expected I should. Nither works for me. For this moment i'm stuck due to i'm not able to login to see website with webservice.

Windows version: Microsoft Windows Server 6.2

I think i did't something wrong with configuration.

I've tried to login using patterns: DOMAIN\username username

Website authentication config: https://ibb.co/FBZXqym

Website roles config: https://ibb.co/qDY1PWb

Webserivce app authetication config: https://ibb.co/LvZdF45

Windows authentication providers: https://ibb.co/FVcxXTm

Webservice app roles config: https://ibb.co/xHBvq9d

I've also added fully persmisions for IIS app pool user to WebService app.

My web.config:

<configuration>
<system.web>
  <compilation debug="true" targetFramework="4.7.2" />
  <httpRuntime targetFramework="4.7.2" />
  <authentication mode="Windows"/>
  <authorization>
    <allow users="*" />
  </authorization>
</system.web>
<system.codedom>
  <compilers>
    <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701" />
    <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" />
  </compilers>
</system.codedom>
<runtime>
  <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
    <dependentAssembly>
      <assemblyIdentity name="Autofac" publicKeyToken="17863af14b0044da" culture="neutral" />
      <bindingRedirect oldVersion="0.0.0.0-4.9.2.0" newVersion="4.9.2.0" />
    </dependentAssembly>
  </assemblyBinding>
</runtime>

I would like to login to my webservice app and see standard .asmx page. Currently i can't.

“My problem is that i cannot login to website using my windows domain credentials as i expected I should.” That's far from enough. What did IIS logs say? support.microsoft.com/en-ca/help/943891/… — Lex Li
I've got no response, i've checked log before and there is no information about what's happend durning login process. To be more accurate i've checked log from logging info at IIS section. — Karol Kot
The top thing at this moment for you to learn is what is Windows authentication (NTLM) and what should be expected to be logged in IIS log files when things are right or wrong. Then you can describe the actual problem with more details than "I've got no response". Tools like Fiddler and Wireshark can also help you dive deeper to the network packet level. Before you understand such, not much others can help. — Lex Li

Gabriel Luci Gabriel Luci · Accepted Answer · 2019-07-27T18:31:35

You need a system.webServer section in your web.config to enable Windows Authentication, but also disable anonymous authentication:

<system.webServer>
   <security>
      <authentication>
         <anonymousAuthentication enabled="false" />
         <windowsAuthentication enabled="true" />
      </authentication>
   </security>
</system.webServer>

More info here: https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/authentication/windowsauthentication/

You mention a website and a web service, but you didn't say what the relationship between the two is (does the user login to the website and the website calls the web service?). So if you have more issues with this, you'll have to give more info about what you're doing.

Windows authentication with NTLM issue

3 Answers