I have created a website and hosted it in IIS Server on Windows Server 2012 R2. I have set the authentication to be Windows Authentication. When the user who has logged into the domain tries accessing the website, everything works fine and no prompt is shown to the user.
Now I need to serve this website over https. I have purchased the certificate and added it to the website and have set up the SSL binding. When the user tries accessing the website now (using Google Chrome), he/she gets a "Sign in" prompt like this:
Why does this happen? Is there a setting in IIS I can change so that the user is not prompted?
I cannot not find documentation from Microsoft on how is this supposed to happen but I was under impression that the browser would pass the user's credentials to the IIS server without prompting the user to enter them.
With the information from this post, I found the solution for Google Chrome (67.0.3396.99). Apparently Chrome (as well as IE) reads the settings from Internet Options in Control Panel.
Here are the steps to remove the Sign in prompt:
Go to Control Panel -> Internet Options
Go to Security tab and select Trusted sites zone:
Click Sites button and make sure that you have your website's URL added to the list. Add it if you do not see it.
Close the Trusted sites popup.
In the Internet Properties dialogue, click Custom level… button
Scroll down to User Authentication section and make sure that you have “Automatic logon with current user name and password” option selected.
Click OK button to close the security settings dialogue.
Click Yes button on the Warning popup.
Click OK button to close the Internet Properties dialogue.
Related
I have an SSRS 2017 install that does not prompt for credentials when going to the HTTP URL for a report. When I change the URL to HTTPS, regardless of the browser or user, credentials are required/prompted for. How can this be bypassed??
This fixed it for me....
Hit Windows key + S key and type Internet Options to bring up Internet Options, got to Security tab
Click Sites and confirm that https://*.domainhere.com is listed
Click Custom level and scroll to the bottom for User Authentication and choose Automatic logon with current user name and password
close Microsoft Edge, reopen and attempt to go to your SSRS https sites
I don’t know if this will break anything else you connect to in Edge that’s trusted, so please be aware of that
I have a web application that opens a local application on client machines using a protocol already registered during client setup.
The web application gives an alert when opening local application and gives a checkbox to be selected in that alert. If checkbox is checked, the browser doesn't prompt next time when opening the local application.
However, this checkbox is seen when my web application is hosted with https. When hosted with http, the checkbox is not given by the browser and the browser always throws the alert. Can the user at client side manually do something to avoid the alert every time?
I looked into the Google chrome settings. There is Protocol Handlers in Site Settings but it doesn't allow to enter a site manually. It shows outlook.office.com which I can remove but doesn't give a way to enter a site manually.
Is there a workaround to trust a site and not show alert for this specific trusted site
If your environment is Microsoft, with a GPO the website can be added in the safe list address of Internet Explorer options. Otherwise, you will have to do it manually in each endpoint.
We have a site with a virtual folder where browsing is enabled. To access this folder digest authentication has been enabled so only some users can access it.
With IE, Edge and Firefox everything works as expected but with Chrome every click on a link shows the login / password dialog box (which works normally but as this is a directory browsing makes the experience painful).
If I change the authentication mechanism to Basic then everything works fine in all the browsers ... any insights about what can we do to move back to Digest authentications? (users are logging with their domain accounts so we don't want to send that information thru the wire).
I need to change a setting for a user through there browser, a user normally right clicks on Chrome and selects opens in administrator mode, is it possible to automatically check if a user is logged in as an administrator?
Signed Java Applet was my fix, I copy a file into the clients temp folder on there pc and if that's successful, then I have admin rights to the clients browser.
I just want to know if the cookies are created while I try to access websites on localhost in Google Chrome.
Only if the page on localhost creates a cookie (client-side or server-side).
External resources (images, frames) may also create cookies, depending on your preferences.
You can check it yourself by opening the Developer tools (F12) -> Resources -> Cookies.
Simply press F12, open Application tab, expand Cookies in left menu, right click on localhost and and and click Clear!