I have a web site (Web Site A) that is hosting HTML files. The HTML files contain image links that are hosted on another web site (Web Site B). The web site B uses Windows authentication. When a user requests a page on web site A, a network resource dialog pops up for authentication details. I want the images to be loaded with the user having to enter authentication details. I thought that if I run the app pool on web site A using a network login that has access to web site B, then the network resource dialog would not appear, but it still does. Does anyone have any suggestions how I can keep web site A anonymous and load resources from web site B without the network login prompt?
Make sure your users use IE and are logged on to their domain account
http://support.microsoft.com/kb/258063
The following conditions must be met for Internet Explorer to
automatically authenticate a user's logon and password and maintain
security:
Windows Integrated authentication, also known as Windows NT Challenge/Response, must be enabled in the Web site properties in IIS.
Anonymous authentication is attempted first, followed by Windows
Integrated authentication, Digest authentication (if applicable), and
finally Basic (clear text) authentication.
Both the client and the Web server must be either in the same Microsoft Windows NT-based or Microsoft Windows 2000-based domain or
in trusted Windows NT-based or Windows 2000-based domains in which the
user's account can be granted permissions to resources on the
IIS-based computer.
The user's browser must be Internet Explorer. Internet Explorer is the only browser that supports Windows Integrated authentication
(NTCR).
Internet Explorer must consider the requested URL to be on the intranet (local). If the computer name portion of the requested URL
contains periods (such as http://www.microsoft.com and
http://10.0.0.1), Internet Explorer assumes that the requested address
exists on the Internet and does not pass any credentials
automatically. Addresses without periods (such as http://webserver)
are considered to be on the intranet (local); Internet Explorer passes
credentials automatically. The only exception is addresses included in
the Intranet zone in Internet Explorer.
Internet Explorer's Intranet zone security setting must be set to Automatic logon only in Intranet zone. This is the default setting for
Internet Explorer.
For additional information about Internet Explorer security zones,
click the article number below to view the article in the Microsoft
Knowledge Base:
174360 How to Use Security Zones in Internet Explorer
The user requesting the Web page must have appropriate file system (NTFS) permissions to the Web page as well as all of the objects
referenced in the Web page. For example, a user may have Full Control
rights to a Web page, but is prompted for a password if the Web page
refers to graphics that are in a secure folder.
Related
I have a web application that opens a local application on client machines using a protocol already registered during client setup.
The web application gives an alert when opening local application and gives a checkbox to be selected in that alert. If checkbox is checked, the browser doesn't prompt next time when opening the local application.
However, this checkbox is seen when my web application is hosted with https. When hosted with http, the checkbox is not given by the browser and the browser always throws the alert. Can the user at client side manually do something to avoid the alert every time?
I looked into the Google chrome settings. There is Protocol Handlers in Site Settings but it doesn't allow to enter a site manually. It shows outlook.office.com which I can remove but doesn't give a way to enter a site manually.
Is there a workaround to trust a site and not show alert for this specific trusted site
If your environment is Microsoft, with a GPO the website can be added in the safe list address of Internet Explorer options. Otherwise, you will have to do it manually in each endpoint.
I am trying to host my own web page on an Ubuntu server. I can access the webpage if I type the IP address in my web browser, but I can't if I type the domain name (a free one from Freenom).
But if I use the command curl my.domain.name then I get the index.html contents. So, why can't I access the page via my web browser (Firefox/Chromium)?
Note that the ping command also works fine (no packet loss). Finally, I am not hosting the web page on the same computer as the one trying to access it. So far, my best guess is that the problem comes from the web browsers or Freenom, do not hesitate to ask for more info, I will edit my post.
Browser says "Camera Blocked to protect your privacy"
My project include using user camera and when i access application from localhost camera works fine but when accessing through ipaddress, the browser by default blocks the camera and other resource.. how can i allow them for my application.
My application is for an organization who will be accessing the application using ipaddress.
Thank you for reading and your help. :)
type url chrome://flags/#unsafely-treat-insecure-origin-as-secure
Enter url in the textarea
Choose Enabled in the select option
Click image link bellow to see detail
example
Chrome blocks vulnerable features—including camera, location, microphone, etc. on non-secure sites. As of July 2018, with the release of Chrome 68, Chrome starts to mark all HTTP sites as "not secure."
You have three options to unblock these features for your site:
Treat 192.168.10.79 as secure origins by setting chrome://flags/#unsafely-treat-insecure-origin-as-secure. Origins must have their protocol specified, e.g., http://192.168.10.79.
Port forwarding your site address to localhost. Chrome treats localhost as secure origins.
Set up a self-signed certificate for the server.
The problem is because of http protocol. This is not a secure protocol.
Solution
In my scenario I have used https and have got all permissions.
IIS 8.5 web server hosting a web application with its Site enabled for Windows authentication (Providers: Negotiate, NTLM), the web server is joined to corporate domain let's say domain.dom.
The web application hosted on this web server is reachable by the URL let's say https://hostname.lab.local and it is in the corporate Intranet.
Users's laptop (Windows S.O.) that need to access this page are also joined to domain.dom. I would like automatic access against the web page for these users. I was able to reach this with Firefox browser by setting these two parameters:
network.automatic-ntlm-auth.trusted-uris=https://hostname.lab.local
network.negotiate-auth.trusted-uris=https://hostname.lab.local
with Firefox, domain users, can login without providing any credential.
Now the issue comes with Chrome (ver 70.0.3538.67), the web site still prompt for user and password. Anyway if the domain user enters its credential manually, the job is done.
I followed lot of forums so i tried these configuration under Internet Settings, Chrome settings and so on, here some examples:
1) Added the URL https://hostname.lab.local under "Chrome > Settings > Advanced > Open Proxy Settings > Security (tab) > Local Intranet > Sites (button) > Advanced" and
2) tried editing the type of user authentication under Local Intranet>Custom Level with "automatic access in the Intranet area only" then "automatic access with current username and password"
3) I tried to do the same under Trusted Site
4) IWS is also enabled under Advanced>Security
These settings are well explained and shown at this link (i know that it's 7 years ago):
How to enable Auto Logon User Authentication for Google Chrome.
But with no luck.
I also tried launching Chrome with options (no luck):
Chrome.exe -auth-server-whitelist="hostname.lab.local" -auth-negotiate-delegatewhitelist="hostname.lab.local" -auth-schemes="digest,ntlm,negotiate"
Finally i tried with "Chrome policy templates" following these steps, again well explained in the previous provided link (this is a copy\paste):
1. Download and unzip the latest Chrome policy templates
2. Start > Run > gpedit.msc
3. Navigate to Local Computer Policy > Computer Configuration >
Administrative Templates
4. Right-click Administrative Templates, and select Add/Remove Templates
5. Add the windows\adm\en-US\chrome.adm template via the dialog
6. In Computer Configuration > Administrative Templates > Classic
Administrative Templates > Google > Google Chrome > Policies for HTTP
Authentication enable and configure Authentication server whitelist
(hostname.lab.local added in the whitelist)
7. Restart Chrome and navigate to chrome://policy to view active policies
Anyway when i go to chrome://policy i cannot see the Chrome policy just created, even if i can see it under Local Computer Policy, strange isn't it?
All these configuration was performed under a domain joined laptop.
Would be great if someone can help me.
We have a site with a virtual folder where browsing is enabled. To access this folder digest authentication has been enabled so only some users can access it.
With IE, Edge and Firefox everything works as expected but with Chrome every click on a link shows the login / password dialog box (which works normally but as this is a directory browsing makes the experience painful).
If I change the authentication mechanism to Basic then everything works fine in all the browsers ... any insights about what can we do to move back to Digest authentications? (users are logging with their domain accounts so we don't want to send that information thru the wire).