Help with NTLM authentication

Topics: Customizing BugNET, General
Mar 1, 2013 at 11:26 AM
Hello, I'm currently experiencing some issues with setting BN up to use windows authentication.

I followed the instructions in the documentation supplied on codeplex but to no success. I'm currently being presented with a 401 challenge upon attempting to visit the site which is currently on my local box, on the domain:

I've attempted to try to login again at this prompt with mydomain\username and password but that too fails to authenticate.

My web.config has been amended to look like this:
    <forms name="BugNET" loginUrl="~/Account/Login.aspx" timeout="2880" />
    <authentication mode="Windows" /> 
I've set the virtual directory's authentication to be:

I did also try to do this at site level, but the documentation didn't mention this, so I've presently reverted this back to its default settings.

When creating the user in the format of:
I wasn't able to create this user with a blank password. I've tried both using my domain password and generating a random password, both with no success.

On the Authentication page from within the application configuration on the admin panel I've set the 'User Account Source' to be 'Active Directory'

If I've missed anything please let me know and I'd be happy to provide more information where possible.

Thank you in anticipation,
Kind regards,
Mar 1, 2013 at 2:00 PM
Just a note, when switching to windows authentication in the web.config the passwords for accounts aren't used but its good to create strong passwords anyways.

Usually, you would see this prompt if the username is not in the database, but it looks like in your screenshot you have accessed the site via windows authentication but are still getting a prompt? This may be because of a linked file / image or script that is requesting additional authentication or something but would definitely be IIS related as all authentication happens at that point.

You can use chome or IE and use the inspector to see if there are any 401 return values for included references in the network tab (chrome).
Mar 1, 2013 at 2:44 PM
Hi debeaud,

I thought as much regarding the passwords used, but I tried both ways just to be sure.

I've made no changes to the codebase, this is actually just your build I've deployed. I've got the source too which I will be tinkering with at a later date, but I just need AD to work first.

Am I looking for 401s when using Windows Auth or the standard Forms authentication? Nothing gets a 401 when accessing the page with Forms auth. The entire page returns a 401 (obviously!) using windows auth...
Mar 1, 2013 at 2:46 PM
Does the username that you have logged on to the machine (domain) match the username in the database?
Mar 1, 2013 at 2:52 PM
Hi again,

Thank you for the quick reply (again!)

Yeah, the user in the db is my user and I'm logged on as me also.

I just did a quick, whoami to check and they're definitely the same.

Interestingly (but probably not related), no one else on the network can see my box (won't respond to ping nor TCP/80 requests) across the network, but I can see out. Would it be worth trying this on a staging box to see if it just resolves itself?
Mar 1, 2013 at 2:55 PM
Also, If I remember correctly, firefox does not pass NTLM credentials automatically in some circumstances. But if you can access the site, and then get a prompt, it means there is another web request happening that is not authenticated.

You can try in IE and see what happens too.
Mar 1, 2013 at 3:17 PM
First was in Chrome. Same result in that nothing returns a 401 when I'm able to auth using Forms authentication, just the page obviously returns a 401 when cancelling the challenge using windows authentication.

I'm not able to access the site at all. As soon as I attempt to hit it presents the challenge. I can only access anything on the site when I disable windows auth and re-enable anonymous authentication.

Mar 1, 2013 at 4:18 PM
Edited Mar 1, 2013 at 4:19 PM
are you running the application locally or is this on a server in the same domain?

Anonymous must be off, windows on on the virtual directory.
Windows set in the web.config. This will force IIS to authenticate via ntlm.
The user must be domian\username in the database.
Mar 1, 2013 at 4:26 PM
Edited Mar 1, 2013 at 4:27 PM
Looking at your virtual directory screenshot the config is strange, you have a website bugnetnew, but then a folder bugnet under it?

Which one is the app under? If you are running a website, then you should make sure anonymous is off and windows on.
Mar 1, 2013 at 4:29 PM
I'm running this locally on my box at the moment. Just trying to get to grips with it all before we deploy it.

Anonymous is off in the virtual directory (BugNet)
Windows is set in the web.config
User is in there.

The site is 'BugNetNew' as this is the latest version of BN. The old site (BugNet) can be ignored. The virtual directory has been converted to an application as per the setup instructions.
Mar 1, 2013 at 4:35 PM
If you are running as a website, you don't need a sub virtual directory as well.

I am not sure if there are issues running bugnet as a subsite like you have setup right. I would recommend just having the website bugnetnew, no need for another virtual directory under it.
Mar 1, 2013 at 4:43 PM
BTW, what happens when you enter your credentials for the 401 challenge?
Mar 1, 2013 at 5:00 PM
Edited Mar 1, 2013 at 5:01 PM
If I enter the credentials for the 401 it just re-prompts; continues to do this until I cancel the challenge then it 401s.

I'll remove the VD, change the auth for the site and see what happens!

Thanks again
Mar 1, 2013 at 5:05 PM
I removed the virtual directory and changed the authentication settings for the site on IIS. I experience the same issue though.
Mar 1, 2013 at 5:12 PM
For some reason IIS doesn't like your credentials.
Mar 1, 2013 at 5:35 PM
You're not wrong, but I was hoping you might have an idea as to why this is...?
Mar 1, 2013 at 7:08 PM