Windows Authentication with Chrome and IIS

转载,留作以后查看

Recently I was tasked at work with creating a dashboard application for use on our intranet using ASP.Net MVC. Due to the need to track some user preferences, I set this up to use Windows Authentication so I would be automatically passed the credentials from the user’s Windows session. I developed the web app and tested it using IIS express on my local machine using both Internet Explorer and Google Chrome without issue. When it came time to deploy the site to our test cluster for some user feedback, this is where I discovered an issue around Windows Authentication with Chrome and IIS (Internet Explorer still worked fine).

When pulling up the site in Chrome I was greeted with “This webpage is not available”. Clicking on the more button revealed the error code: “ERR_INVALID_AUTH_CREDENTIALS”.
 

Chrome Invalid Auth Credentials

 
 

What Didn’t Work:

I remembered reading where Chrome uses the local intranet settings from Internet Explorer so I pulled up those settings to take a look. I tried specifically adding the new site to the local intranet zone with the dialog box shown below (Internet Options -> Security Tab -> Sites -> Advanced). Unfortunately, this didn’t help. When I refreshed Chrome I still had the “ERR_INVALID_AUTH_CREDENTIALS” error.
 

Local Intranet Add Site To Zone

 
Back on the security tab in the internet options dialog, I clicked the “Custom Level” button and looked through all the settings. At the very bottom I found what looked like a promising setting under User Authentication -> Logon. By default, “Automatic logon only in Intranet zone” was selected. I changed that to the option below it that read, “Automatic logon with current user name and password”. Upon refreshing Chrome, I once again found I was still getting the “ERR_INVALID_AUTH_CREDENTIALS” error.
 

Local Intranet Security Settings

 
 
What Worked:

At this point I decided to start Googling around for some help. I found several StackOverflow questions that offered some suggestions, but none of them seemed to work. Eventually I stumbled across the suggestion of removing “Negotiate” from the enabled providers in IIS for the site. I gave it a shot, and this is what ended up solving the issue for me.

Here’s how to make the change: Navigate to your site/application in IIS and select it by clicking on it. This should show a list of options in the “features view” on the right hand side of the screen. Find “Authentication” and double click on it.
 

IIS Select Authentication

 
You should now see a list of different authentication types. Click on Windows Authentication to select it and then click on Providers in the Action section of the right hand column.
 

IIS Select Windows Auth

 
This will pop-up a dialog showing the enabled providers. I tried adjusting the negotiate provider’s priority by moving it down the list, but that didn’t seem to have any effect. Remove the “Negotiate” provider by clicking on it in the list to select it and then clicking on Remove.
 

IIS Providers Dialog

 
Click the Ok button on the dialog to close it down and then refresh your site in Chrome.

Version Information:
Google Chrome v33
Internet Explorer v11
IIS v7.5

This entry was posted in  ASP.Net MVC and tagged  ASP.Net MVCChromeIISWindows Authentication. Bookmark the  permalink.
  • 0
    点赞
  • 0
    评论
  • 0
    收藏
  • 一键三连
    一键三连
  • 扫一扫,分享海报

Bulletproof SSL and TLS by Ivan Ristić Table of Contents Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv Scope and Audience xvi Contents xvii SSL versus TLS xix SSL Labs xix Online Resources xx Feedback xxi About the Author xxi Acknowledgments xxi 1. SSL, TLS, and Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Transport Layer Security 1 Networking Layers 2 Protocol History 3 Cryptography 4 Building Blocks 5 Protocols 15 Attacking Cryptography 16 Measuring Strength 17 Man-in-the-Middle Attack 18 2. Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Record Protocol 24 Handshake Protocol 25 Full Handshake 26 Client Authentication 32 Session Resumption 34 Key Exchange 35 RSA Key Exchange 38 Diffie-Hellman Key Exchange 38 Elliptic Curve Diffie-Hellman Key Exchange 40 iii Authentication 41 Encryption 42 Stream Encryption 42 Block Encryption 43 Authenticated Encryption 44 Renegotiation 45 Application Data Protocol 47 Alert Protocol 47 Connection Closure 47 Cryptographic Operations 48 Pseudorandom Function 48 Master Secret 48 Key Generation 49 Cipher Suites 49 Extensions 52 Application Layer Protocol Negotiation 53 Certificate Transparency 53 Elliptic Curve Capabilities 54 Heartbeat 55 Next Protocol Negotiation 56 Secure Renegotiation 57 Server Name Indication 57 Session Tickets 58 Signature Algorithms 59 OCSP Stapling 59 Protocol Limitations 60 Differences between Protocol Versions 60 SSL 3 60 TLS 1.0 61 TLS 1.1 61 TLS 1.2 61 3. Public-Key Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
©️2021 CSDN 皮肤主题: 大白 设计师:CSDN官方博客 返回首页
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、C币套餐、付费专栏及课程。

余额充值