Chrome browser - Enable integrated windows authentication - auto logon - google-chrome

IIS 8.5 web server hosting a web application with its Site enabled for Windows authentication (Providers: Negotiate, NTLM), the web server is joined to corporate domain let's say domain.dom.
The web application hosted on this web server is reachable by the URL let's say https://hostname.lab.local and it is in the corporate Intranet.
Users' laptops (Windows OS) that need to access this page are also joined to domain.dom. I would like automatic access to the web page for these users. I was able to achieve this with the Firefox browser by setting these two parameters:
network.automatic-ntlm-auth.trusted-uris=https://hostname.lab.local
network.negotiate-auth.trusted-uris=https://hostname.lab.local
With Firefox, domain users can log in without providing any credentials.
Now the issue comes with Chrome (ver 70.0.3538.67): the web site still prompts for user and password. Anyway, if the domain user enters their credentials manually, the job is done.
I followed a lot of forums, so I tried these configurations under Internet Settings, Chrome settings and so on; here are some examples:
1) Added the URL https://hostname.lab.local under "Chrome > Settings > Advanced > Open Proxy Settings > Security (tab) > Local Intranet > Sites (button) > Advanced" and
2) tried editing the type of user authentication under Local Intranet>Custom Level with "automatic access in the Intranet area only" then "automatic access with current username and password"
3) I tried to do the same under Trusted Site
4) IWS is also enabled under Advanced>Security
These settings are well explained and shown at this link (I know that it's from 7 years ago):
How to enable Auto Logon User Authentication for Google Chrome.
But with no luck.
I also tried launching Chrome with options (no luck):
Chrome.exe -auth-server-whitelist="hostname.lab.local" -auth-negotiate-delegatewhitelist="hostname.lab.local" -auth-schemes="digest,ntlm,negotiate"
Finally I tried with "Chrome policy templates", following these steps, again well explained in the previously provided link (this is a copy\paste):
1. Download and unzip the latest Chrome policy templates
2. Start > Run > gpedit.msc
3. Navigate to Local Computer Policy > Computer Configuration > Administrative Templates
4. Right-click Administrative Templates, and select Add/Remove Templates
5. Add the windows\adm\en-US\chrome.adm template via the dialog
6. In Computer Configuration > Administrative Templates > Classic Administrative Templates > Google > Google Chrome > Policies for HTTP Authentication enable and configure Authentication server whitelist (hostname.lab.local added in the whitelist)
7. Restart Chrome and navigate to chrome://policy to view active policies
Anyway, when I go to chrome://policy I cannot see the Chrome policy just created, even if I can see it under Local Computer Policy. Strange, isn't it?
All these configurations were performed on a domain-joined laptop.
Would be great if someone can help me.
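
An added diagnostic for the situation described in the question above (not part of the original post, and not code from Chrome or Microsoft): it lists the Chrome HTTP-authentication policy values present in the registry and flags entries that hand out Windows credentials more widely than intended. It assumes the policy keys HKLM and HKCU `SOFTWARE\Policies\Google\Chrome`, uses the host name from the question, and approximates Chrome's pattern matching with PowerShell's `-like`.

```powershell
# Added example. hostname.lab.local is the host named in the question.
$expectedHost = 'hostname.lab.local'
$roots = 'HKLM:\SOFTWARE\Policies\Google\Chrome',
         'HKCU:\SOFTWARE\Policies\Google\Chrome'
# Chrome 70 (the version in the question) uses the *Whitelist names;
# later releases renamed them to *Allowlist, so both are checked.
$names = 'AuthServerWhitelist', 'AuthServerAllowlist',
         'AuthNegotiateDelegateWhitelist', 'AuthNegotiateDelegateAllowlist',
         'AuthSchemes'

# Collect every HTTP-authentication policy value that is actually set.
$found = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    $key = Get-ItemProperty -Path $root
    foreach ($name in $names) {
        if ($null -ne $key.$name) {
            [pscustomobject]@{ Key = $root; Policy = $name; Value = [string]$key.$name }
        }
    }
}

if (-not $found) {
    Write-Warning 'No Chrome HTTP-authentication policy value found under either key.'
} else {
    $found | Format-Table -AutoSize
    foreach ($p in $found | Where-Object { $_.Policy -like 'Auth*list' }) {
        $entries = @($p.Value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        # Approximation: PowerShell -like stands in for Chrome's own pattern matcher.
        if ($p.Policy -like 'AuthServer*' -and -not ($entries | Where-Object { $expectedHost -like $_ })) {
            Write-Warning "$($p.Policy) does not cover $expectedHost"
        }
        # A wildcard entry widens the set of servers that receive automatic logon.
        foreach ($e in $entries | Where-Object { $_.Contains('*') }) {
            Write-Warning "$($p.Policy) entry '$e' is a wildcard: every matching server is offered the user's Windows credentials automatically."
        }
        # Delegation lets the server act as the user toward other services.
        if ($p.Policy -like 'AuthNegotiateDelegate*') {
            Write-Warning "Kerberos delegation is allowed to: $($entries -join ', '). Plain single sign-on does not need it."
        }
    }
}
```

Run it in a PowerShell session on the affected laptop after applying the template and compare the output with chrome://policy.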

Related

Can't access SSRS folders on a local server following installation

edit
I also have the same problem as an admin on a domain
I just installed SSRS locally on a machine for and I cannot access the reports I deployed. Everything was installed as admin.
When going to the web portal I get this message:
Could not load folder contents
You are not allowed to view this folder. Contact your administrator to obtain the necessary permissions.
and when trying to access the web service via the config manager I get this one:
The permissions granted to user <username> are insufficient for performing this operation. (rsAccessDenied)
Additionally, in the web portal I got no "manage" folder and only "my subscriptions" under the settings button.
Everything is running locally and as admin, the OS is Windows 11 and the SSRS is version 15.0.1102.1002 and running in native mode.
I've looked all over the place and found out something about certificates, but almost everything in Google is about access problems via remote server.
Adding the URL to the trusted sites didn't help.
It certainly looks like you don't have permission. Are you administrator? When you were installing, did you set up some users to be administrators?
Find which account is administrator and then add yourself from the SSRS site. Is there another account you can run or Run as administrator?
Another way is to install again.
If you decide to install again, pay attention to the page with the users.

Chrome request not making it to server

I have a Windows 2016 Server with IIS 10.0.14393.0 installed that is maintained within an isolated VM environment. (The entire VM environment is isolated from the real-world.)
The web server is configured with three websites through IIS, and each website is assigned a dedicated IP. The content in each of these websites is a single "hello world" html page that can be accessed via a browser from my development workstation using Microsoft Edge, but I cannot access these pages using Chrome. The simple hello world html page was created only to assist in troubleshooting this issue.
The error received in Chrome is ERR_TIMED_OUT and based on the IIS logs, the request is never reaching the web server. IIS logs do indicate the request/response when accessing using Edge.
From my workstation, I can successfully ping the web server, traceroute output does not indicate any unexpected hops, etc. From all indications, the problem appears to be isolated to Chrome and only when accessing the sites on that server. I have other servers (W2016 and W2019) in the real-world with similar configurations and real applications deployed there that work as expected with any browser.
I am using the latest Chrome Version 105.0.5195.102 (Official Build) (64-bit) and can access other web based content within this VM environment using Chrome, just not on that one server.
I am almost to the point of deleting that VM instance and starting over so any ideas/suggestions are appreciated.
The error received in Chrome is ERR_TIMED_OUT
This is a communication problem indicating that there is a problem with the user's local network connection. It can appear when your internet is too slow or your connection is taking too long, or the page or website you are visiting may be too busy, or when the website in question is not set up correctly, or even if the website is trying to perform more than your server can manage.
I'm not sure if you've seen the following methods, but you can try.
Method 1: Browse in Incognito Mode and Remove Extensions.
You should first browse the website in incognito mode to check if you can open the website normally, if so then the culprit of the ERR_TIMED_OUT error may be your plugin or extension. Therefore, you need to enable extensions one by one to check for errors, and if there is an error enabling an extension, you need to remove it from your browser.
Method 2: Delete the Default Chrome Folder
Press Win + R keys at the same time to open the Run box.
Type %LOCALAPPDATA%\Google\Chrome\User Data\ in the box and click OK.
Close your Chrome if it is opened.
A new window pops out, find the folder named Default. Backup the folder anywhere else, then right-click the folder to choose Delete.
After you have deleted the folder successfully, open your Chrome and then visit the webpage again that you searched before to check if the error still appears.
Method 3: Update Network Drivers
If your network driver is out of date, you may encounter ERR_TIMED_OUT errors. Here's how to update network drivers.
Right-click the Start button to select Device Manager.
Scroll down to find Network Adapters and click on it to expand it.
Right-click on your network device and select Update Driver.
Select Search automatically for updated driver software option to start to search and update your network driver to a new version.
After that, restart your computer and open the sites again with Chrome to see if you can open them.
Method 4: Disable Firewall & Antivirus Software
Sometimes, your firewall or antivirus software may cause trouble. Therefore, you should try to disable them and check if the problem can be solved. If you find it helpful to disable these programs, you can check the firewall settings. Allow Chrome to connect to public or private networks. If it doesn't work, permanently delete these programs, and then use other antivirus software or firewalls.
Method 5: Check Hosts File
When you meet the ERR_TIMED_OUT error accessing a specific website, you can check the Hosts file to see if the website has been blocked. Here is the way to do that:
Press Win + E keys at the same time to open File Explorer and then go to the Local Disk C: > Windows > System32 > Drivers > etc.
Open the hosts file with notepad. If you see the web address that you cannot visit, delete that entire line from the hosts file and save.
After that, open Chrome and see if you can open the specific website.
Method 6: Reinstall Chrome Browser
If none of the methods above fix the ERR_TIMED_OUT error, then you should try reinstalling Chrome. Here is the tutorial:
Press Win + R keys at the same time to open the Run box, then type appwiz.cpl and click OK to open a new window.
Find Google Chrome in the list, and then right-click it to choose Uninstall.
After uninstalling Google Chrome successfully, you also need to delete its leftover files. Open the Run box again, then type %appdata% and click OK to open a new window.
Find the Google folder and then right-click it to choose Delete.
Go to Google Chrome’s site to download the latest version of the browser, and then install it.
The above methods are from the web article. To avoid link being unavailable, I have also presented the details. I am not sure if the above methods can help you, but I hope you can solve the problem soon.

Allow HTTP web application to open custom protocol without being prompted always

I have a web application that opens a local application on client machines using a protocol already registered during client setup.
The web application gives an alert when opening local application and gives a checkbox to be selected in that alert. If checkbox is checked, the browser doesn't prompt next time when opening the local application.
However, this checkbox is seen when my web application is hosted with https. When hosted with http, the checkbox is not given by the browser and the browser always throws the alert. Can the user at client side manually do something to avoid the alert every time?
I looked into the Google chrome settings. There is Protocol Handlers in Site Settings but it doesn't allow to enter a site manually. It shows outlook.office.com which I can remove but doesn't give a way to enter a site manually.
Is there a workaround to trust a site and not show the alert for this specific trusted site?
If your environment is Microsoft, with a GPO the website can be added in the safe list address of Internet Explorer options. Otherwise, you will have to do it manually in each endpoint.

How to load images from secured web site on anonymous web site

I have a web site (Web Site A) that is hosting HTML files. The HTML files contain image links that are hosted on another web site (Web Site B). The web site B uses Windows authentication. When a user requests a page on web site A, a network resource dialog pops up for authentication details. I want the images to be loaded with the user having to enter authentication details. I thought that if I run the app pool on web site A using a network login that has access to web site B, then the network resource dialog would not appear, but it still does. Does anyone have any suggestions how I can keep web site A anonymous and load resources from web site B without the network login prompt?
Make sure your users use IE and are logged on to their domain account
http://support.microsoft.com/kb/258063
The following conditions must be met for Internet Explorer to automatically authenticate a user's logon and password and maintain security:
Windows Integrated authentication, also known as Windows NT Challenge/Response, must be enabled in the Web site properties in IIS. Anonymous authentication is attempted first, followed by Windows Integrated authentication, Digest authentication (if applicable), and finally Basic (clear text) authentication.
Both the client and the Web server must be either in the same Microsoft Windows NT-based or Microsoft Windows 2000-based domain or in trusted Windows NT-based or Windows 2000-based domains in which the user's account can be granted permissions to resources on the IIS-based computer.
The user's browser must be Internet Explorer. Internet Explorer is the only browser that supports Windows Integrated authentication (NTCR).
Internet Explorer must consider the requested URL to be on the intranet (local). If the computer name portion of the requested URL contains periods (such as http://www.microsoft.com and http://10.0.0.1), Internet Explorer assumes that the requested address exists on the Internet and does not pass any credentials automatically. Addresses without periods (such as http://webserver) are considered to be on the intranet (local); Internet Explorer passes credentials automatically. The only exception is addresses included in the Intranet zone in Internet Explorer.
Internet Explorer's Intranet zone security setting must be set to Automatic logon only in Intranet zone. This is the default setting for Internet Explorer.
For additional information about Internet Explorer security zones, click the article number below to view the article in the Microsoft Knowledge Base:
174360 How to Use Security Zones in Internet Explorer
The user requesting the Web page must have appropriate file system (NTFS) permissions to the Web page as well as all of the objects referenced in the Web page. For example, a user may have Full Control rights to a Web page, but is prompted for a password if the Web page refers to graphics that are in a secure folder.

Google Earth Enterprise Portal 5.0 Accessible via localhost only

Good Morning. I have downloaded and installed GE Enterprise portal v5. When I start the application, it automatically launches the browser and sends me to http://localhost:9335. It loads just fine and I am able to view the image and polygon. I then close the server and open the portable.cfg and added the following line: accept_all_requests True, which is supposed to allow others to view and use the published globes and services from other machines. I then restart the application. When I try and navigate to my portal instance via another machine or via the named machine name http://9335 I get page not found. I have tried changing the ports, disabling my local firewall and HIPs with no luck. Are you supposed to be able to hit an instance of portal from a url other than localhost?
Thanks.