Site with Windows authentication - sometimes gives password prompt - iis

I have a local site (IIS6, although similar issue with a totally different site using IIS5.1) which uses integrated windows authentication, from what I can tell - using IE7 if a user enters the URL into the address bar, everything works OK and the user is logged in automatically. However, if the user clicks on a hyperlink within an e-mail (using Outlook), the site opens but the user gets a login prompt - when details are entered everything then works fine.
Can anyone explain why this is the case? I should say it's actually very temperamental, sometimes the above occurs, sometimes it doesn't... any help is appreciated.
cheers!

Are the urls of the two cases identical? If there is a . in the url, IE will not attempt to pass the user credentials to the site, and will therefore not automatically log you in.
Example: http://mysite/page.aspx is different from http://mysite.domain.local/page.aspx, even though they might point to the same server.
If Outlook is launching using the domain.local, you will get the behaviour you describe.

Related

Video Indexer Displays blank dashboard

I want to highlight an issue that I am encountering with video indexer. On my machine, whenever I try to login to video indexer ( either microsoft or gmail account), it shows me blank dashboard like the one below:
I have tried running it on other browsers and incognito as well (clearing browser cookies too). But nothing works on my machine. However, the same works fine when I log in through my other machine. Any help will be appreciated.
Make sure you try incognito mode without any browser plugins/extensions.
Can you open the browser console and see if you are getting any errors or network issues?
Looks like the GRAPH API is hitting a 401.
This is used to return the currently logged in user.
Since you are saying it is working in another machine fine.
The possibility I can think of is because of Conditional Access Policy(Location based mostly).
There could be some policies(for Security) that can be set at the tenant level which is making the Graph API to error out with 401.
The one machine is within the compliance (trusted network/vpn/domain joined etc.) where as the other one is not compliant. Hence the error.

How to logout of an HTTP authentication (htaccess) that works in Google Chrome?

I got a solution for Firefox and IE but I didn't find any solution for Google Chrome.
Is there a way to do it in Google Chrome?
I know it's a really old post... I mean like friggin 5 years now, but I just found a somewhat good solution.
Inside your protected folder, create another folder, let's call it "logout". Place the same .htaccess file in here as you have in your protected folder, except with a small modification.
instead of:
Require valid-user
now write:
Require user EXIT
And make sure, you don't have a user named exit! :D
In your protected area, your logout link or button or whatever, should redirect the user to this address: example.com/protectedFolder/logout
The browsers usually are able to keep only one user logged in from one site name or realm name... the sign in attempt for the user Exit will overwrite everything, thus the originally logged in user, would have to log in again to the protected area.
But as always, I might be wrong, and you should still close all your browser window, and restart the computer if you want to be sure! :)
Also, it wouldn't hurt, if you would tell your users what is going to happen, when they hit logout!
I have tested this in chrome and in internet explorer 11.(will not work in edge, and maybe others neither)
The solution was found here:
https://www.mavensecurity.com/media/BasicAuthLogOut.pdf
You can't logout a HTTP authenticated session other then closing the browser window. Also see the accepted answer on this question for an extensive explanation.
try redirect to:
wrong_user:wrong_password#yourdomain.com
I have put together the following article which explains how I have managed to achieve this in Chrome. I hope this helps. https://www.hattonwebsolutions.co.uk/articles/how_to_logout_of_http_sessions
In short - you create a sub folder (as per Gyula's answer) but then send an ajax request to the page (which fails) and then trigger a timeout redirect to the logged out page. This avoids having a secondary popup in the logout folder requesting another username (which would confuse users). My article uses Jquery but it should be possible to avoid this.

Sharepoint problem: switching user correctly but internaly maintains "old" user

I'm facing an extrange behavior in my Sharepoint 2077 farm:
We have configured windows integrated authentication with NTLM, and all clients authenticates correctly to the portal.
When they proceeds to "login as" diferent user, it seems to be all fine (appears user name in top of page) , but internally the page user is the old user. I know this because I have a customized web page that reads page user name and print it to the page.
after some refresh or waiting some time, the current user is applied "internally" too.
Do you know is there is any configuration option for avoid this delay?
Many thanks in advance,
any help would be appreciated.
solved there:
http://support.microsoft.com/default.aspx/kb/970814

Post Username & Password To Protected Folder/Site

I'm trying to post a username & password from an HTML form to a protected folder on a website? Is this possible? I thought I just pass in a syntax in the URL like the below but not having any success
http://username:password#theurlofthesite.co.uk
I'm still getting the alert pop up asking for the username and password? I need to be able to auto log the person in..
Hope someone can help? Thanks
If you login via a HTML form, then this won't work. This is only for HTTP authentication, which is something else completely different.
I don't think many (any?) browsers support being opened to post data. Which leaves you hoping that the site accepts GET based logins (and they should be shot if they do.).
The address part of the URL is parsed by your web server, so the code which handles the HTML form never sees it.
If you want to pass parameters to a form, you must use url?field=value&field2=value2. This only works with forms that use the GET action. For POST, you need a program to generate an encoded document and upload that.
In both cases, your user name and password are broadcasted as plain text on the Internet, so the account will be hacked within a few hours. To put it more clearly: There is no way to "protect" the data in this folder this way. This is like adding a door with four locks to your house and keep the keys on a nail in a post on the street next to the door.
I did exactly what I did in the question and it works on all browser except Safari on a Mac

Cannot login to WSS 3.0 site using forms authentication

A changed Windows authentication to Forms authentication. Using the following example.
I added a user with Web Site Administration Tool. Finally I added this user as Site Collection Administrators and the user is recognized by SharePoint. Happy with that is started my WSS site in the browser but when I try to Sign in using this sign in form it is not working. Returns to this form after the submit (//spvm:100/_layouts/login.aspx?ReturnUrl=%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252f&Source=%2f)
I have been scanning my Eventviewer but no succes for any comment what tells me what I am doing wrong. Maybe some of you guys can help me out?
Once you are redirected to this page, try navigating to http://spvm:100. Sometime I get this kind of case where I move make to the root, then it works. I really didnt know the reason why sometime it behaves like that.
I had the same issue. I found that something was wrong with my browser's settings. I tried to log in with another browser (Firefox) and that worked for me.
I don't know yet what was wrong with my IE7's settings, on another machine I could log in to a forms auth site without any problem.

Resources