Search Results

Search found 5 results on 1 pages for 'iwa'.

Page 1/1 | 1 

• End-to-end kerberos delegated authentication in ASP.NET

  - by Erlend

  I'm trying to setup an internal website that will contact another backend service within the network on behalf of the user using a HttpWebRequest. I have to use Integrated Windows Authentication on the ASP.NET application as the backend system only supports this type of authentication. I'm able to setup IWA on the ASP.NET application, and it's using kerberos as I expect it to. However when the authentication is delegated to the backend system it doesn't work anymore. This is because the backend system only supports kerberos IWA, but the delegation for some reason - even though the incoming request is kerberos authenticated - converts the authentication to NTLM before forwaring to the backend system. Does anybody know what I need to do on the ASP.NET application in order to allow it to forward the identity using kerberos? I've currently tried the followin but it doesn't seem to work CredentialCache credentialCache = new CredentialCache(); credentialCache.Add(request.RequestUri, "Negotiate", CredentialCache.DefaultCredentials.GetCredential(request.RequestUri, "Kerberos")); request.Credentials = credentialCache; I've also tried to set "Kerberos" where it now says "Negotiate", but it doesn't seem to do much.

  Read the article

• why does Integrated Windows Authentication fail when clients access off the network

  - by Bryan

  My background is not with web applications so this problem is hard for me to explain easily. First I'll try to describe the setup. Client setup:-Only browser that is effected is IE 6-8 (Firefox, chrome, opera, and safari all work fine) -A user will try to access our web application from a company laptop that is not connected to our network. -This machine will be a member of our workgroup and have the company DNS listed as a trusted intranet site. (to which the application in question would be a member) -The security logon mode is set to Automatic Logon only in intranet zone only, and IWA authentication is enabled on the clients browser.Server setup:-Windows server 2003 fp2-The application will first redirect to an Authorization asp page which has anonymous access disabled and IWA enabled in IIS.what should happen is that, since the client is not currently on the network, when this page is called it should prompt the user for network credentials. But with IE, instead of prompting, the user gets a page cannot be displayed error because the IIS manager is denying access to the asp page. If the company DNS is removed from the trusted intranet site list then it prompts correctly but disables single sign on the next time that computer is connected to the network or vpn. My assumption is that since IE uses IWA and the site is listed as an internal site, when no network is found IE just sends nulls to the server attempting to authenticate which is swiftly punted back. Other browsers do not have security zones so when network credentials are not present the server prompts for them. Is there a way to get around this so that our clients can keep the company DNS in the intranet zone but still have the server prompt for credentials when not on the network? Any attempt to allow for anonymous access on the asp page, as far as I know, will cause AUTH_USER to return null and again break SSO. I realize this is slightly rambling so I will do my best to clarify and questions you guys might have. Thanks in advance.

  Read the article

• Integrated Windows Authentication with Chrome and FireFox

  - by Jaap

  I have a webapplication which uses claims based authentication. The STS is ADFS 2.0. When I am in the intranet and use IE, IWA is used and no login dialog appears. When I am on the internet zone, the Forms based authentication of ADFS is used. Just what I want. Chrome and FireFox are also working as expected when I am in the internet zone. But when I am in the intranet zone, both come with a login dialog, instead of using IWA. And supplying my credentials in that dialog does not work, it keeps repeating the dialog. Any hints? UPDATE: Did about an hour searching on the internet before I asked this question. But after asking it I did just another search giving the answer :-), matter of finding the correct keywords. Here the answer: http://stackoverflow.com/questions/5724377/mvc3-site-using-azure-acs-adfs-continually-prompts-for-credentials-when-using

  Read the article

• How to perform an NTLM challenge on the iPhone.

  - by toast

  I'm trying to access some web services in an iPhone application. If I GET to the .asmx page, I authenticate and get the WSDL as expected. However, if I POST to the .asmx page, setting the SOAPAction, Content-Type, Content-Length, and HTTPBody, I just keep getting didReceiveAuthenticationChallenge messages. Additionally, I'm trying to POST to IIS using Integrated Windows Authentication (IWA), which means I'm trying to negotiate an NTLM challenge.

  Read the article

• Terse, documented, correct way to create Kerberos-backed user shares in Greyhole

  - by MrGomez

  As a migration strategy away from Windows Home Server (which is currently out of support and intractable for our needs, for a variety of reasons), our little cloister of nerds has targeted Greyhole for our shared use at home. Despite the documentation's terseness, getting the system set up for simple, single-user operation isn't especially difficult, but this scenario fails to service our needs. Among other highlights of the system, we're attempting to emulate Integrated Windows Authentication (with Kerberos) and single-user shares to keep the Windows users in the house happy and well-supported. I'm aware of the underlying systems that go into Greyhole and understand how to set up per-user shares in Samba, but the documentation doesn't seem to support cases for Greyhole to sop up these directories as separate landing zones for replication. Enter my question: are both of these cases (IWA user authentication and user-partitioned personal shares) supported by Greyhole? If so, please cite or link the supporting documentation if it exists.

  Read the article

1