Integrated Windows Authentication Passthrough

For general issues related to PWB v2.

Moderators: Tyler, Scott, PWB v2 Moderator

Post Reply
rsg98
Observer
Observer
Posts: 4
Joined: Mon Jan 31, 2005 3:52 am

Integrated Windows Authentication Passthrough

Post by rsg98 »

We use PWBv2 to access an intranet page that is protected by an Active Directory supplied username & password. The page in question is configured to require Integrated Windows Authentication via IISv6.

For IE running in this context, the page would open without prompting for a username/password. However, for PWB, we need to enter the username & password.

Is there a way of getting PWB to pass the logged on user's credentials through to IIS to avoid the user being asked to provide their password twice, or is this a NTLM double-hop artifact?

N.B. we can't hardcode credentials into the registry / INI file, as the page relies on HttpContext.Current.User.Identity to provide personalised content.

Thanks,

Richard

Scott
Site Admin
Site Admin
Posts: 2539
Joined: Mon Dec 16, 2002 12:31 pm
Location: Rochester, MN
Contact:

Post by Scott »

PWB does support the deafult Integrated Windows Authentication functionality as provided by Internet Explorer. After doing some research into the reported problem, it seems there may be a bug in some versions of the Internet Explorer Web Browser Control and the Authentication Interface that PWB utilizes.

Is there anyway we can duplicate the problem you are having from outside your organization on our test computers?

--Scott

rsg98
Observer
Observer
Posts: 4
Joined: Mon Jan 31, 2005 3:52 am

Post by rsg98 »

Thanks for the reply...

Seems the whole thing is a (semi) false alarm, as it appears to work in the majority of cases - just (and typically) not in my test case when I'm logging into a remote box via Terminal Services!

This also appears to only be restricted to my workstation, where the website was put together as well, so more than happy to accept there's probably something weird about this one box.

As such, for me it doesn't seem to be a big priority now, but I can send you a much more detailed description of our setup if you would like it. In short, group policy forces some of our user accounts to use PWB as their custom UI. When I use one of these accounts to login to a box via TS from my workstation, PWB prompts me for a password. If I try TS from a different box, or locally on a different workstation, it passes the auth through fine. Strange... but I'm not sure what I can find that's different about my workstation than the others I've tried - it is however loaded up with VS.NET, platform SDK, etc, etc.

Thanks,

Richard

rsg98
Observer
Observer
Posts: 4
Joined: Mon Jan 31, 2005 3:52 am

Post by rsg98 »

More testing around the organization seems to show that it's more than a few systems that are failing... apart from the offending clients being Windows XP (with a variety of Service Pack level), I can't seem to spot any other correlation.

After you mentioned the possible bug in the Web control, I had a look around - the one support article I found suggested that a redirect from a non-secured page was a possible workaround - tried this with a meta-refresh, but it still prompts for the username/password on the redirect.

At a bit of a loss now!

Scott
Site Admin
Site Admin
Posts: 2539
Joined: Mon Dec 16, 2002 12:31 pm
Location: Rochester, MN
Contact:

Post by Scott »

Are you using the same logon on the terminal server for everyone using PWB?

rsg98
Observer
Observer
Posts: 4
Joined: Mon Jan 31, 2005 3:52 am

Post by rsg98 »

Yep. The same login works on some machine, and not on others. This happens when logging in via TS, or straight into a workstation.

(PWB is enforced via Group Policy applied to the OU that this login sits inside).

Would a more detailed description of our setup be of use?

Thanks,

Richard

Post Reply