We use PWBv2 to access an intranet page that is protected by an Active Directory supplied username & password. The page in question is configured to require Integrated Windows Authentication via IISv6.
For IE running in this context, the page would open without prompting for a username/password. However, for PWB, we need to enter the username & password.
Is there a way of getting PWB to pass the logged on user's credentials through to IIS to avoid the user being asked to provide their password twice, or is this a NTLM double-hop artifact?
N.B. we can't hardcode credentials into the registry / INI file, as the page relies on HttpContext.Current.User.Identity to provide personalised content.
Thanks,
Richard
Integrated Windows Authentication Passthrough
Moderators: Tyler, Scott, PWB v2 Moderator
PWB does support the deafult Integrated Windows Authentication functionality as provided by Internet Explorer. After doing some research into the reported problem, it seems there may be a bug in some versions of the Internet Explorer Web Browser Control and the Authentication Interface that PWB utilizes.
Is there anyway we can duplicate the problem you are having from outside your organization on our test computers?
--Scott
Is there anyway we can duplicate the problem you are having from outside your organization on our test computers?
--Scott
Thanks for the reply...
Seems the whole thing is a (semi) false alarm, as it appears to work in the majority of cases - just (and typically) not in my test case when I'm logging into a remote box via Terminal Services!
This also appears to only be restricted to my workstation, where the website was put together as well, so more than happy to accept there's probably something weird about this one box.
As such, for me it doesn't seem to be a big priority now, but I can send you a much more detailed description of our setup if you would like it. In short, group policy forces some of our user accounts to use PWB as their custom UI. When I use one of these accounts to login to a box via TS from my workstation, PWB prompts me for a password. If I try TS from a different box, or locally on a different workstation, it passes the auth through fine. Strange... but I'm not sure what I can find that's different about my workstation than the others I've tried - it is however loaded up with VS.NET, platform SDK, etc, etc.
Thanks,
Richard
Seems the whole thing is a (semi) false alarm, as it appears to work in the majority of cases - just (and typically) not in my test case when I'm logging into a remote box via Terminal Services!
This also appears to only be restricted to my workstation, where the website was put together as well, so more than happy to accept there's probably something weird about this one box.
As such, for me it doesn't seem to be a big priority now, but I can send you a much more detailed description of our setup if you would like it. In short, group policy forces some of our user accounts to use PWB as their custom UI. When I use one of these accounts to login to a box via TS from my workstation, PWB prompts me for a password. If I try TS from a different box, or locally on a different workstation, it passes the auth through fine. Strange... but I'm not sure what I can find that's different about my workstation than the others I've tried - it is however loaded up with VS.NET, platform SDK, etc, etc.
Thanks,
Richard
More testing around the organization seems to show that it's more than a few systems that are failing... apart from the offending clients being Windows XP (with a variety of Service Pack level), I can't seem to spot any other correlation.
After you mentioned the possible bug in the Web control, I had a look around - the one support article I found suggested that a redirect from a non-secured page was a possible workaround - tried this with a meta-refresh, but it still prompts for the username/password on the redirect.
At a bit of a loss now!
After you mentioned the possible bug in the Web control, I had a look around - the one support article I found suggested that a redirect from a non-secured page was a possible workaround - tried this with a meta-refresh, but it still prompts for the username/password on the redirect.
At a bit of a loss now!