windows authentication doesn't work for all users

bestboy 26 Reputation points
2022-01-13T15:12:38.13+00:00

Hello experts,

Sorry for my english, here is the problem, i have an application published in iis with windows authentication enabled and other authentication disabled.

When I try to access the website with other users, it always prompts me for credentials, I make sure my account password is ok and the users are in the same domain.

This is my first time using windows authentication, would appreciate some troubleshooting suggestions!

Windows development | Internet Information Services
0 comments No comments
{count} vote

Accepted answer
  1. Sam Wu-MSFT 7,561 Reputation points Microsoft External Staff
    2022-01-14T03:09:12.767+00:00

    @bestboy

    There could be an issue with security loopback check. Please find below procedure to disable it.

    • Click Start, click Run, type regedit, and then click OK.
    • Backup the registry.
    • In Registry Editor, locate and then click the following registry key:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    • Right-click Lsa, point to New, and then click DWORD Value.
    • Type DisableLoopbackCheck, and then press ENTER.
    • Right-click DisableLoopbackCheck, and then click Modify.
    • In the Value data box, type 1, and then click OK.
    • Quit Registry Editor, and then restart your computer.

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Michael Taylor 60,326 Reputation points
    2022-01-13T15:55:39.327+00:00

    Windows auth is a privileged operation. You are passing secure credentials to the web server for validation. Browsers won't do this automatically as it would anyone to host a site with Windows auth and then get your secure credentials so they could try to crack your credentials.

    In order to use Windows auth, in addition to properly configuring the website in IIS, you must also enable the sharing of the Win auth on the browser side. The fact that you're getting a login prompt tells me you didn't do that. It depends upon your browser as to how to do that. In most cases you have to ensure the site the user is navigating to is part of the intranet (or trusted) sites for IE. Be aware that the full domain name (e.g. mysite.mycompany.com) and the partial domain name (e.g. mysite) are different. A partial domain name likely won't map to a trusted site but the full domain name will.

    Additionally the options has to be turned on to allow Windows auth for such sites. Here's a link to a step by step set of instructions for doing this in IE.

    For Chrome you have to follow the steps given here. Historically it followed the IE settings so you should configure that as well but you then generally have to whitelist the sites/domains to allow.

    For Edge you can refer to the documentation here. Edge and Chrome are the same base engine but tend to manage separate settings in my experience.

    Note all this can be configured using Group Policies and is the recommended approach if you're in a domain. This makes it easier to manage them all at once.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.