Windows authentication does not work

7
votes

I am trying to setup Windows authentication in my .NET 4.0 MVC3 web application, so the intranet users in the company can log in without being prompted.

In web.config I have:

<authentication mode="Windows" />
<authorization>
  <deny users = "?" />
</authorization>

In IIS I disabled anonymous access for the entire web application and left only Windows authentication checked. I am using IIS 6.0 on Windows 2003.

Now, when I access the site from USER\COMPUTER I am logged in without being prompted, but as a wrong user (not myself, but the administrator account of the server that the web app is running at).

When I access the site from USER\SOMESERVER I am logged in as USERS, just as expected. All other people trying to access my app from their computers get a prompt for username and password (they can login when they provide valid credentials though). This is especially strange, because they all have integrated windows authentication turned on in IE settings and the *.domain.intra is added to intranet sites.

Does anyone have an idea what's happening? How can I make it work, so the users are logged in as themselves without being prompted?

EDIT: the web application pool runs as NETWORK SERVICE, so I do not understand why I am logged in as a wrong user from my development machine...

EDIT2: since I use NETWORK SERVICE as the identity for the app pool, I followed the workaround steps from here: http://support.microsoft.com/kb/871179 . But it still does not work...

All users and machines belong to the same domain

EDIT3: I found this: http://forums.iis.net/t/1167087.aspx . The problem they described was exactly the same. The solution also worked. The only problem that still persists is that from my development machine I am still automatically logged in as a wrong user. Fortunately all client machines log in as the current users.

1
asp.net.netasp.net-mvc-3authenticationwindows-authentication
It sounds like you have impersonation setup in IIS.user596075
How are you getting the username that it is logging you in as? Do you have any references to the wrong user in your code anywhere? When the other users get the prompt for username and password can they log on or does it reject their authorisation? And the obvious question, are all users on the same domain? ;-)Chris
They can log on as themselves and then also a proper username is shown in user partial. I do not have any references to the wrong user and I do not configure impersonatation in web.config. I get the username from User.Identity.NameMichal B.
Yes, all users are in the same domain.Michal B.
Do the individual users all have read access to the folder (and subfolders) containing the site?Nick Vaccaro

1 Answers

0
votes

I googled a bit more and found this: http://forums.iis.net/t/1167087.aspx. Rebooting the server indeed solved the problem. The sad thing is that we still do not know what was causing it...