Windows authentication

FireFox 30 no longer prompts for Windows Authentication? I'm having to turn Basic Auth on in IIS to force this?

https://support.mozilla.org/en-US/questions/1005709 < same issue, see Kohei's post in this other thread

Similar Messages

ADFS 3.0 Windows Authentication not working

I recently upgraded from ADFS 2.1 and TMG 2010 as the reverse proxy to ADFS 3.0 and Web Application Proxy as the reverse proxy. I have upgraded to ADFS 3.0 successfully and it is working without anything changing to the end users. This is still
using TMG 2010 as the reverse proxy.
When I make the changes to use WAP as the reverse proxy, I get prompted with a forms based authentication page instead of the usual windows authentication screen. This poses a problem since this creates an extra step for people when logging on to our
sites that use SSO since there's no "save password" box. I can move the traffic back to TMG and it's back to working like it should but we are looking to remove TMG very soon.
When I am on the "inside" network connecting to ADFS without the reverse proxy, it works just fine. However, ALL of our users are "outside" of the network will be using the reverse proxy. None of the computers are domain joined.
The issue seems to only be when using Web Application Proxy server to service ADFS SSO requests.....TMG servicing these requests does not have this issue.
What's the difference? How can I get this functionality back with WAP?

Hi Eric,
Based on my research, when publishing applications that use Integrated Windows authentication, the Web Application Proxy server uses Kerberos constrained delegation to authenticate users
to the published application.
To use Integrated Windows authentication, the Web Application Proxy server must be joined to an AD DS domain.
More information for you:
Web Application Proxy: Some applications are configured to perform backend authentication using Integrated Windows authentication but the server is not joined to a domain
http://technet.microsoft.com/en-us/library/dn464299.aspx
Best Regards,
Amy

My MacBook Pro Retina's Bluetooth chipset unknown/odd login message on the login screen states Login Window Authentication Login window Name edit text has keyboard focus. In addition, the login screen is not remembering me

I have been experiencing several issues with my MacBook Pro Retina mid 2012. My MBPR is scheduled to go into the depot. However, I am wondering if anyone may be able to shed light on a few issues as this is the third "official" time my MBPR is going back for service ("one depot" trip; "one authorized" dealer; several in-store visits).
My Bluetooth is stating that the Bluetooth Chipset is Unknown (0). I also have had Bluetooth Preferences mysteriously change on me. In addition, while Bluetooth is off there are two serial modems turning on. I have turned them off, but they continue to pop up.
In addition, when I log in, my MBPR is not remembering me and my login name is not appearing on the slate-gray screen. The name and password are blank and the following message appears in the lower left hand corner. "login window authentication login window Name edit text has keyboard focus." As a side note, I am the only user. The login issue is a recent occurrence as we just totally wiped it again via a Command + R, and I don't believe I have an accessibility setting set to anything that would cause this, but wanted to check.
Should I be concerned here? Has anyone else had issues like this? I don't want to worry if I don't have to. I have had so many issues over the course of nine months. 5-6 wipes. Airport card replaced and I am about to pull my hair out if my MBPR doesn't come back worldly like clock work this time. I just can't send my days trying to get a $2300 product to work for me any longer. No idea what is wrong with it, but it is driving me insane. Cross your fingers for me and any guidance you have or thoughts would be welcomed. Thank you. EMM

A few more issues...
In Console, the following is greyed out:
User and Diagnostic reports
Com.apple.launchd.peruser.0
Com.apple.launchd.peruser.88
Com.apple.launchd.peruser.89
Com.apple.launchd.peruser.92
Com.apple.launchd.peruser.97
Com.apple.launchd.peruser.200
Com.apple.launchd.peruser.201
Com.apple.launchd.peruser.202
Com.apple.launchd.peruser.212
*[user logs are accessible]
Krb5kdc
Radius
My guest files are locked, but again I am the administrator of MBPR.
I am worried about a keystroke logged or at least, trying to rule it out.
Also:
Mdworker32(225) [and other mdworker numbers] are sandboxing; stating deny Mach-lookup
Com.apple.Powermanagement.control, etc. long attachment with those files with version: ??? (???).
Postinstall: removing applications/Microsoft Office 2011/Microsoft Outlook.app
WARNINGS in Console include:
[NSImage compositeToPoint:fromRect:operation:fraction:] is deprecated in MacOSX 19.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction] instead.
There are a ton of other warnings. Before I go through this again, can someone tell me if this is normal (all of it -- above too); or if these are symptoms is a keystroke logger or hardware issues?
I ask because originally, when my computer went in for diagnostics (more than once), Apple stated the hardware was fine (other than Airport Card -- finally). However, if I've done 5-6 total wipes; created new users; do not have sharing set-up; have not played around in Terminal; and am up-to-date with versions -- and various issues KEEP COMING BACK -- I am left wondering if a keystroke logger would be possible here?!? I thought maybe a faulty logic board, but why would diagnostics be okay, then? Not trying to be hyperbole, just desperate.
Please help me rule keystroke logger out or at least, tell me so I know, so I can take appropriate action. If you think it could be the logic board with symptoms above, that would be a great too.
All I want to do is use the computer as intended, but I can't seem to get a real answer, so after nine months -- I am turning to the communities to see if anyone -- anyone at all -- can help. The last thing I can do is have the MBPR come back from the depot and the same thing occur. Any guidance or advice would be so gratefully appreciated.

How to resolve a windows authenticated orphaned user in Sql Server 2008 R2?

Hi,
We have some orphaned windows authenticated users(domain) in the database while it had been
migrated from Sql Server 2005 to Sql Server 2008 R2, because there are no corresponding
logins for the users. Will just adding the logins would be sufficient or after adding the
logins should we also run sp_change_users_login @Action='update_one' to resolve any sid
conflict. Thanking you in advance,
With regards
Binny Mathew

Binny
You have issue with orphaned users if you use Mixed Authentication. If you use Windows and move the db to the new server the Windows Login should be exist on the new server already.
Best Regards,Uri Dimant SQL Server MVP,
http://sqlblog.com/blogs/uri_dimant/
MS SQL optimization: MS SQL Development and Optimization
MS SQL Consulting:
Large scale of database and data cleansing
Remote DBA Services:
Improves MS SQL Database Performance
SQL Server Integration Services:
Business Intelligence

Getting SPWeb.CurrentUser as null with Windows Authentication (AD), when configured for Claims Authentication

Hi All,
We recently migrated to SP 2013 from SP 2010. We are using most of the OOB features, with a few custom code. We have implemented a custom ASP.NET Membership Provider that authenticates against a web service. This was working fine on SP 2010.
The entire code base was migrated to SP 2013 (with .net fw 4.5, etc) and any issues Compile / Runtime were fixed. However, we are stuck at one bug, which seems to be occuring only while trying to login with Windows Authentication. When a user tries to login
with Forms Authentication, the error is never noticed.
Scenrio: Login as Windows Authentiction.
Result: The user is signed into the system and is authenticated against the AD. For random page loads - it throws access denied (even though he is a site collection admin). While attaching a debugger, we found that, at times the SPWeb.CurrentUser is null (weird).
At the same time, the HttpContext.Current.Request.IsAuthenticated returns true. Which means the User is Authenticated, but not available in the SPWeb.CurrentUser object.
Attached are couple of ULS Logs that we found. The line which says IsAuthenticated=True, UserIdentityName=, ClaimsCount=0 is a little disturbing. Can you please let me know what is happening here? I am not able to access the root site (http://win2012d2:1234/)
however, i am able to access (http://win2012d2:1234/SitePages/Home.aspx) just fine, without any issues.
Please note, this error is only when the user is logged into sharepoint as a windows user. The forms user faces no such issues.
ULS Logs:
Name=Request (GET:http://win2012d2:1234/)
Non-OAuth request. IsAuthenticated=True, UserIdentityName=, ClaimsCount=0
Application error when access /, Error=Exception of type 'System.ArgumentException' was thrown. Parameter name: encodedValue
at Microsoft.SharePoint.Administration.Claims.SPClaimEncodingManager.DecodeClaimFromFormsSuffix(String encodedValue)
at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(IClaimsIdentity claimsIdentity, String encodedIdentityClaimSuffix)
at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedIdentityClaimSuffix)
at Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromLoginName(String loginName)
at Microsoft.SharePoint.ApplicationRuntime.SPHeaderManager.AddIsapiHeaders(HttpContext context, String encodedUrl, NameValueCollection headers)
at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.PreRequestExecuteAppHandler(Object oSender, EventArgs ea)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Getting Error Message for Exception System.ArgumentException: Exception of type 'System.ArgumentException' was thrown. Parameter name: encodedValue
at Microsoft.SharePoint.Administration.Claims.SPClaimEncodingManager.DecodeClaimFromFormsSuffix(String encodedValue)
at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(IClaimsIdentity claimsIdentity, String encodedIdentityClaimSuffix)
at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedIdentityClaimSuffix)
at Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromLoginName(String loginName)
at Microsoft.SharePoint.ApplicationRuntime.SPHeaderManager.AddIsapiHeaders(HttpContext context, String encodedUrl, NameValueCollection headers)
at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.PreRequestExecuteAppHandler(Object oSender, EventArgs ea)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
[Forced due to logging gap, Original Level: Verbose] Looking up {0} site {1} in the farm {2}
Unknown SPRequest error occurred. More information: 0x80070005
SPRequest.GetPageListId: UserPrincipalName=, AppPrincipalName= ,bstrUrl=http://win2012d2:1234/
System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), StackTrace:
at Microsoft.SharePoint.SPContext.get_ListId()
at Microsoft.SharePoint.SPContext.get_List()
at Microsoft.SharePoint.WebControls.ScriptLink.InitJs_Register(Page page)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
Boolean ignoreFileNotFound)
at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)
at Microsoft.SharePoint.WebControls.ScriptLink.Register(String uiVersion, Control ctrl, Page page, String name, Boolean localizable, Boolean defer)
at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer)
at Microsoft.SharePoint.WebControls.ScriptLink.GetOnDemandScriptKey(String strKey, String strFile, Boolean registerDependencies, Control ctrl, Page page)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Page page, String strFile, Boolean localizable)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
Boolean ignoreFileNotFound)
at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)
at Microsoft.SharePoint.WebControls.ScriptLink.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride)
at System.Web.HttpServerUtility.Execute(String path, TextWriter writer, Boolean preserveForm)
at System.Web.HttpServerUtility.Transfer(String path)
at Microsoft.SharePoint.Utilities.SPUtility.TransferToErrorPage(String message, String linkText, String linkUrl)
at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorHandler(HttpApplication app, Boolean errorIsOnErrorPage)
at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorAppHandler(Object oSender, EventArgs ea)
at System.EventHandler.Invoke(Object sender, EventArgs e)
at System.Web.HttpApplication.RaiseOnError()
at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)
at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
SPRequest.OpenWeb: UserPrincipalName=, AppPrincipalName= ,bstrUrl=http://win2012d2:1234/
System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), StackTrace:
at Microsoft.SharePoint.SPWeb.InitWeb()
at Microsoft.SharePoint.SPWeb.get_WebTemplateConfiguration()
at Microsoft.SharePoint.WebControls.ScriptLink.InitJs_Register(Page page)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
Boolean ignoreFileNotFound)
at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)
at Microsoft.SharePoint.WebControls.ScriptLink.Register(String uiVersion, Control ctrl, Page page, String name, Boolean localizable, Boolean defer)
at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer)
at Microsoft.SharePoint.WebControls.ScriptLink.GetOnDemandScriptKey(String strKey, String strFile, Boolean registerDependencies, Control ctrl, Page page)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Page page, String strFile, Boolean localizable)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
Boolean ignoreFileNotFound)
at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)
at Microsoft.SharePoint.WebControls.ScriptLink.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride)
at System.Web.HttpServerUtility.Execute(String path, TextWriter writer, Boolean preserveForm)
at System.Web.HttpServerUtility.Transfer(String path)
at Microsoft.SharePoint.Utilities.SPUtility.TransferToErrorPage(String message, String linkText, String linkUrl)
at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorHandler(HttpApplication app, Boolean errorIsOnErrorPage)
at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorAppHandler(Object oSender, EventArgs ea)
at System.EventHandler.Invoke(Object sender, EventArgs e)
at System.Web.HttpApplication.RaiseOnError()
at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)
at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)

Hi Mohamed,
According to your description, my understanding is that the error occurred when users login with Windows Authentication.
From the error message, I recommend to check if the anonymous access is enabled for the web application.
And please also make sure that the users all are available and have permission to access the site.
Here is a similar thread for you to take a look:
http://social.technet.microsoft.com/Forums/en-US/28623bdc-a2f0-4876-9be4-9a764f106366/getting-spwebcurrentuser-as-null-with-windows-authentication-ad-when-configured-for-claims?forum=sharepointdevelopment
Best regards.
Thanks
Victoria Xia
TechNet Community Support

Windows authentication on every ajax call MVC

I've created an MVC project with windows authentication.
From my views, I use Jquery to retrieve data from the controller asynchronously in order to provide a better user experience and reduce loading times.
These functions look like
public JsonResult someFunction(string parameter)
return Json(result, JsonRequestBehavior.AllowGet);
Everythings works as I want in Chrome, where it prompts me for login when I open the page and no more for the duration of that session. However, in IE, it prompts me for login when I open the page, and on every single ajax call...
Why is this happening and how can I avoid it?
I need to use windows authentication and IE, I can't change that...

Hello,
In order to get your issue solved more efficiently and since this is a MVC issue, I would recommend you post this issue in
http://forums.asp.net/1146.aspx/1?MVC forum to get supports.
Thanks for your understanding.
Regards,
Carl
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

Windows Authentication on a Coldfusion Application

Hi community!
I am working on a coldfusion application and I had a meeting
today to show my client my progress. The IT director asked if they
could use Windows Authentication in the new program because the
doctors and therapists forget everything. My answer was kind of
defensive but they asked me to figure that out.
I have no idea as where to start! Can somebody put some light
in my head?
Any thoughts? Any ideas? Any resources?
I work full time in a software development company, this
project is part of the jobs I do on the side so I can afford gas!
he,he In my primary job we have never created a coldfusion app that
works like that. So that's why I am confused.
Thanks fellows!

I use integrated Windows Authntication on my intranet. There
is a checkbox for it under IIS.
This allows the uername to be visible to CF using the
#cgi.auth_user# variable.
As for security, I maintain a data table with each username
and appropriate permissions. In my application, I merely confirm
that the currently logged in user is authorized for given areas of
my site.
Works great. The only real caveat is that some places might
aruge that you are not verifying that the person behind the
keyboard is really the person currently logged into that particular
machine on the network. My defense is that this scenario is the
responsibility of the currently logged in user, rather than the web
developer. Your environment may dictate more stringent criteria or
verification.
BTW: My implementation has passed muster with our security
audits in the medical field for the last eight or nine
years.

Windows authentication on Intranet site on IIS8.5 works when using the IP of the site, but not the URL.

I have an intranet website on server 2012R2 with IIS8.5.
When I access the site by IP address, the site prompts for windows authentication and it only permits access to the areas the logged in user is allowed.
When I access the site by URL, Firefox prompts for authentication and gives the correct access, but when I access the URL from IE or Chrome, the site never prompts for credentials and the entire site is wide open to anyone.
I have anonymous authentication disabled, Windows authentication enabled, and basic authentication enabled, set to default to our domain, so the user doesn't have to type domain\username.
I left the site bindings open, because when I bind to an IP or host name, the intranet site stops working.
Can anybody tell me what I am doing wrong???

When I access the site by URL, Firefox prompts for authentication and gives the correct access, but when I access the URL from IE or Chrome, the site never prompts for credentials
and the entire site is wide open to anyone.
Are you accessing the site from a domain-joined workstation? It's possible that it looks wide open because IE and Chrome are using your existing Windows credentials without any prompting, whereas Firefox is not automatically using these creds so is prompting.

Windows Authentication on SP 14 Server

Hi,
i want to achieve Windows Authentication on SP 14 Server.
which is the best way?
Thanks in advance
Regards,
Bobu

You can go for Kerberos Authentication. There are plenty of weblogs and forum discussions on this.
Windows Integrated Authentication via Kerberos on an LDAP data source
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/b69f6f89-0a01-0010-1198-ba7fff95a2ec
Regards,
Piyush
ps: please award points if useful.

How can I connect to oracel-10 using windows authentication?

Hi,
in Oracle 9 I could do this:
Put the windows user in the group ORA_DBA, then:
set ORACLE_SID=MySID
sqlplus /nolog
connect / as sysdba
With oracle 10 it always seems to ask for username and Password.
Is there a way around this?
Can I log in thru windows authentification somehow like this
set ORACLE_SID=MySID
sqlplus /nolog
connect as sysdba
without now being asked for username and password now?
How can I accomplish this?
I would not want to specify the password in an sql file; this would be much worse than being able to connect thru windows authentication.
Thank you for letting me know.
Sincerely
Andreas

Hi,
thank you all for answering first of all.
I thought that connecting with the slash as sysdba:
connect / as sysdba
was an old syntax of oracle9.
But you are right, obviously it is not.
However, oracle10 gives me now the message:
SQL> connect / as sysdba
ERROR:
ORA-01031: insufficient privileges
How come you don't get this message?
Are you using Oracle-9 or oracle-10?
I was logged on as user oracle; and this user is member of the administrators group and also the group ORA_DBA.
How come then that it still throws the insufficient privileges message?
Could you please let me know, what you do differently or what I forgot?
Regards
Andreas

Windows Authentication option not available in Windows 8.1

Hi,
I am using Windows 8.1 OS. "Windows Authentication" option is not available in my laptop. I navigated to below path.
Windows Features --> Internet Information Services --> World wide web services --> Security --> in this I am not able to see windows authentication. Please let me know.
Thanks in Advance!
Krishna.

Hi Meipo,
Thank you for the information and reply.
I ran command in my laptop. I got below error.
Image version : 6.3.9600.17031
Error: 0x800f080c
Feature name IIS-WindowsAuthentication is unknown.
Is this problem with OS version? Please suggest me how can I get windows authentication in my laptop.
Thanks in Advance!
Krishna.

Error 18452 "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication" on SQL Server 2008 R2 Enterprise Edition 64-bit SP2 clustered instance

Hi there,
I have a Windows 2008 R2 Enterprise x64 SP2 cluster which has 2 SQL Server 2008 R2 Enterprise Edition x64 SP2
instances.
A domain account "Domain\Login" is administrator on both physcial nodes and "sysadmin" on both SQL Server instances.
Currently both instances are running on same node.
While logging on to SQL Server instance 2 thru "Domain\Login" using "IP2,port2", I get error 18452 "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication". This happened in the past
as well but issue resolved post insatllation of SQL Server 2008R2 SP2. This has re-occurred now. But it connects using 'SQLVirtual2\Instance2' without issue.
Same login with same rights is able to access Instance 1 on both 'SQLVirtual1\Instance1' and "IP1,port1" without any issue.
Please help resolve the issue.
Thanks,
AY

Hello,
I Confirm that I encountred the same problem when the first domain controller was dow !!
During a restarting of the first domain controller, i tried to failover my SQL Server instance to a second node, after that I will be able to authenticate SQL Server Login but Windows Login returns Error 18452 !
When the firts DC restart finishied restarting every thing was Ok !
The Question here : Why the cluster instance does'nt used the second DC ???
Best Regards
J.K

Windows authentication failure on SharePoint 2013 zone

I am attempting to set up a Windows authentication zone in a SharePoint 2013 installation for use by the search crawler. The zone has been configured to use NTLM in order to eliminate Kerberos from the equation. The result of my
attempts to access the Windows authentication zone is a 403 error. Central Administration is working on the same server, and of course is using Windows authentication.
I know about the issue of using Windows authentication to localhost, and have configured the backconnectionhostnames entry in the registry. To prove that I can use Windows authentication using the intended host name for the SharePoint zone, I have
set up a test IIS site that binds to the host name used by the zone, and successfully authenticated using Windows authentication.
From monitoring the ULS logs it's obvious that I'm actually successfully completing Windows authentication, and getting a SharePoint claim, but from that point I'm being denied by SharePoint. I do know that my Windows credentials has site collection
administrator privileges. The most interesting failure in the ULS log appears to be:
SPApplicationAuthenticationModule: Authorization header doesn't contain Bearer, can't try to perform application authentication.
Another odd thing is that after the ULS indicates I have failed authentication, I'm redirected to /_layouts/AccessDenied.aspx instead of the login page defined in web.config. I have tried many things, including enabling Kernel-mode authentication.
Below is an excerpt from my ULS logs:
SPApplicationAuthenticationModule: There is no Authorization header, can't try to perform application authentication.
Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0
[Forced due to logging gap, cached @ 12/01/2014 15:48:32.53, Original Level: Verbose] Value for isAnonymousAllowed is : {0}
[Forced due to logging gap, Original Level: Verbose] Value for checkAuthenticationCookie is : {0}
Claims Windows Sign-In: Sending 401 for request 'https://crawler.my.host/' because the user is not authenticated and resource requires authentication.
[Forced due to logging gap, cached @ 12/01/2014 15:48:32.56, Original Level: VerboseEx] Sending HTTP response {0} - {1}:{2}.
[Forced due to logging gap, Original Level: Verbose] SPRequestModule.PreSendRequestHeaders
Leaving Monitored Scope (Request (GET:https://crawler.my.host:443/)). Execution Time=5320.19544383434
Name=Timer Job SchedulingApproval
Leaving Monitored Scope (Timer Job SchedulingApproval). Execution Time=16.4101862108173
Name=Timer Job SchedulingApproval
Leaving Monitored Scope (Timer Job SchedulingApproval). Execution Time=14.9021733209109
Name=Timer Job SchedulingApproval
[Forced due to logging gap, cached @ 12/01/2014 15:48:32.95, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
[Forced due to logging gap, Original Level: VerboseEx] SPFederationAuthenticationModule.OnEndRequest: Start
SPFederationAuthenticationModule.OnEndRequest: User was being redirected to authenticate.
Leaving Monitored Scope (Timer Job SchedulingApproval). Execution Time=17.2175513927049
Claims Windows Sign-In: Sending 401 for request 'https://crawler.my.host/' because the user is not authenticated and resource requires authentication.
Name=Request (GET:https://crawler.my.host:443/)
Micro Trace Tags: 0 nasq
Leaving Monitored Scope (Request (GET:https://crawler.my.host:443/)). Execution Time=9.54646470431298
Name=Request (GET:https://crawler.my.host:443/)
SPTokenCache.ReadTokenXml: Successfully read token XML 'mydomain\myuser'.
Token Cache: Failed to get token from distributed cache for '0).w|s-0-0-0-0-0-0-1234'.(This is expected during the process warm up or if data cache Initialization is getting done by some other thread).
Token Cache: Reverting to local cache to get the token for '0).w|s-0-0-0-0-0-0-1234'.
Token Cache: Entry missing for user 'mydomain\myuser'.
Token Cache: Failed to get token from distributed cache for '0).w|s-0-0-0-0-0-0-1234'.(This is expected during the process warm up or if data cache Initialization is getting done by some other thread).
Token Cache: Reverting to local cache to get the token for '0).w|s-0-0-0-0-0-0-1234'.
Claims Windows Sign-In: User 'mydomain\myuser' for request url 'https://crawler.my.host/' does not have a cached SessionSecurityToken.
[Forced due to logging gap, cached @ 12/01/2014 15:48:33.24, Original Level: VerboseEx] We are in claims windows only mode for for request url '{0}'.
[Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
[Forced due to logging gap, cached @ 12/01/2014 15:48:33.71, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
SPSecurityContext: Added JsonWebSecurityTokenHandler to trust channel factory
SPSecurityContext: Replaced WSTrustRequestSerializer with SPTrust13RequestSerializer
SPSecurityContext: The SecurityTokenServiceBehavior is attached to the TrustChannel.
SecurityTokenServiceSendRequest: RemoteAddress: 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustChannelContract' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue'
MessageId: 'urn:uuid:f175f6ef-a93d-4efe-9173-1fba74b1eed2'
SecurityTokenServiceReceiveRequest: LocalAddress: 'http://servername:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'System.ServiceModel.Channels.ServiceChannel' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId:
'urn:uuid:f175f6ef-a93d-4efe-9173-1fba74b1eed2'
Entering monitored scope (ExecuteSecurityTokenServiceOperationServer). Parent No
STS Call: Issuing new security token.
SPSecurityTokenServiceManager!EnsureSharePointLogonRequestClaims: Found primary sid claim. Value: 's-0-0-0-0-0-0-1234'.
Using claim provider 'System' for operation because it is default and it is visible.
Excluding claim provider 'AD' for operation because it is not default and .
Using claim provider 'AllUsers' for operation because it is default and it is visible.
Excluding claim provider 'Forms' for operation because it is not default and .
Using claim provider 'User Profile Claim Provider' for operation because it is default and it is visible.
STS Call Claims Windows: Setting cookie lifetime to: Microsoft.IdentityModel.Protocols.WSTrust.Lifetime
STS Call Claims Windows: Successfully requested sign-in claim identity for user 'mydomain\myuser'.
STS Call: Successfully issued new security token.
Leaving Monitored Scope (ExecuteSecurityTokenServiceOperationServer). Execution Time=13.187150880908
[Forced due to logging gap, cached @ 12/01/2014 15:48:34.87, Original Level: Verbose] The SecurityTokenServiceHeaderInfo including the correlation ID was added.
Leaving Monitored Scope (ExecuteSecurityTokenServiceOperationCaller:http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue). Execution Time=719.713539011243
[Forced due to logging gap, cached @ 12/01/2014 15:48:35.60, Original Level: Verbose] ____{0}={1}
Claims Windows Sign-In: Siginging in the the user 'mydomain\myuser' for request url 'https://crawler.my.host/'.
Updating X.509 certificate validation policy
[Forced due to logging gap, cached @ 12/01/2014 15:48:36.26, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
Adding X.509 certificate thumbprint '493E6806F4178EDD685BE5EA0AAF79ED30FB4A90' to root authority trust
SPLocalLoginProvider: Initializing and creating S2S Claim Mappings
SPLocalLoginProvider: Initialized S2S Claim Mappings.
[Forced due to logging gap, cached @ 12/01/2014 15:48:36.37, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
[Forced due to logging gap, Original Level: Verbose] Deserializing the type named {0} and with id {1}.
[Forced due to logging gap, cached @ 12/01/2014 15:48:37.17, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
[Forced due to logging gap, Original Level: Verbose] Deserializing the type named {0} and with id {1}.
[Forced due to logging gap, cached @ 12/01/2014 15:48:37.96, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
[Forced due to logging gap, Original Level: VerboseEx] SPFederationAuthenticationModule.OnSessionSecurityTokenCreated: Start
[Forced due to logging gap, cached @ 12/01/2014 15:48:38.10, Original Level: VerboseEx] SPSam.SetPrincipalFromSessionToken: End
[Forced due to logging gap, Original Level: Verbose] Looking up {0} site {1} in the farm {2}
Token Cache: Failed to add token from distributed cache for '0).w|s-0-0-0-0-0-0-1234'.(This is expected during the process warm up or if data cache Initialization is getting done by some other thread).
Token Cache: Reverting to local cache to Add the token for '0).w|s-0-0-0-0-0-0-1234'.
Token Cache: Successfully added token to cache for '0).w|s-0-0-0-0-0-0-1234'.
SPTokenCache.ReadTokenXml: Successfully read token XML '0).w|s-0-0-0-0-0-0-1234,0#.w|mydomain\myuser,123456789012345,True,dpoRtB/hPcjVrEaJtqVWxhY8Pbfm++oHwWQ5TCB9jBlLx5n2Ky5OqGXM7ntfLB0kqIJNDUkeQrl4wL7xW2m4r0rV1TiOUf+e2mpHq8WOgN67puRViZbCxCkwmmxUpE/1OVNcDFXRCh26tvVFieK99LKZn8BJUtmP8RqxtwtwqBolNjCyZ3rfSSmtFyM3pdWjphdj312R9Lcp9/EhTpvvV1J2lFCig901ZGaPo7zOw3pFyXl1eDs+gF2Bcbc7/mMZw67/gEccsFaekBVH1TK0d9qqr6P/ISeEgzhlK4DChV94ntsw8m8Pb255yTL8WrbTykMFV3jC7R2MvqCmiKGK+g==,https://crawler.my.host/'.
Claims Windows Sign-In: Not writing a cookie for request 'https://crawler.my.host/'.
Claims Windows Sign-In: Successfully signed-in the the user 'mydomain\myuser' for request url 'https://crawler.my.host/'.
Updating header 'LOGON_USER' with value '0#.w|mydomain\myuser' for the request url 'https://crawler.my.host/'.
Leaving Monitored Scope (SPClaimsCounterScope). Execution Time=4957.74267399907
SPApplicationAuthenticationModule: Authorization header doesn't contain Bearer, can't try to perform application authentication.
Non-OAuth request. IsAuthenticated=True, UserIdentityName=0#.w|mydomain\myuser, ClaimsCount=27
Leaving Monitored Scope (PostAuthenticateRequestHandler). Execution Time=31.2877754016223
Micro Trace Tags: 0 nasq,69 air4a,1 air4b,22 air4a,0 air4b,1641 aeayb,732 b4ly,654 erv2,58 erv3,1814 air36,0 air37,42 b4ly,5 agb9s,39 b4ly
Leaving Monitored Scope (Request (GET:https://crawler.my.host:443/)). Execution Time=5101.04328902137
SPFederationAuthenticationModule.OnEndRequest: User was being redirected to authenticate.
[Forced due to logging gap, cached @ 12/01/2014 15:48:38.24, Original Level: Verbose] {0}
[Forced due to logging gap, Original Level: VerboseEx] SPRequestParameters: AppPrincipal={0}, UserName={1}, UserKye={2}, RoleCount={3}, Roles={4}
Site=/
[Forced due to logging gap, cached @ 12/01/2014 15:48:38.37, Original Level: Verbose] {0}
[Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
[Forced due to logging gap, cached @ 12/01/2014 15:48:38.40, Original Level: VerboseEx] No SPAggregateResourceTally associated with thread.
[Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
[Forced due to logging gap, cached @ 12/01/2014 15:48:38.48, Original Level: VerboseEx] No SPAggregateResourceTally associated with thread.
[Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
Access Denied for /. StackTrace:    at Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(HttpContext context)     at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnEndRequest(Object sender,
EventArgs eventArgs)     at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)     at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)     at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest
wr, HttpContext context)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr
rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)     at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr
nativeRequestContext, IntPtr moduleData, Int32 flags)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
Leaving Monitored Scope (SPFederationAuthenticationModule.OnEndRequest). Execution Time=351.625416079418
Entering monitored scope (Request (GET:https://crawler.my.host:443/_layouts/AccessDenied.aspx?Source=https%3A%2F%2Fcrawler%2Emy%2Ehost)). Parent No

I'm extending an existing claims based web application. The way I'm testing authentication is by attempting to log in to the Windows authentication zone using the browser and an account with site collection administrator privileges. I've also
tried using the intended crawler service account, but that also fails authentication.
With regard to the default zone issue, I've already experimented with using both the default zone and another zone, but neither works.
BTW, I already have this working in a SharePoint 2013 development environment, and a similar configuration has been in a SharePoint 2010 production environment for over a year, which makes this a particularly maddening problem.
I have enabled Failed Request Tracing, and get a 401.1, 401.2, then a 403 (which says it was caused by the 401.2). I'm not sure of the significance, but the 403 trace shows the module for the 401.2 to be UrlAuthorizationModule, while the module for
the 403 error is FederatedAuthentication.
Per my ULS trace included in my original post, it appears that I'm actually getting a SharePoint claim.

How to make use of Windows authentication from my Java application

I have a Java application, Instead I design one more login page for my application, I want to make use of Windows Authentication.
How should I use that windows authentication in my java application
can any help me in suggesting a solution

How will they be able to access your application if they aren't users of the system?

SharePoint 2013 and Windows authentication (integrated) or SharePoint user for report data source

Hello,
I am having issues creating report datasource in "Windows authentication (integrated) or SharePoint user" in SharePoint 2013. I followed the steps mentioned in the link http://blogs.msdn.com/b/psssql/archive/2014/04/28/sharepoint-adventures-using-claims-with-reporting-services.aspx.
I am just stuck in the delegation piece here. I have a SSAS instance by name "XXXXAPPV01\Multidimensional". First thing is what is the procedure to set SPN for this instance? I need to add this service in the delegation tab so that C2WTS service
configured correctly.
Nothing but I should be able to access my SSAS 2012 cube from SSRS 2012 by "Windows authentication (integrated) or SharePoint user" as the authentication method.
Palash

I used the below command to set SPN for analysis services.
setspn -S MSOLAPSvc.3/XXXXAPPV01APPV01.xxxxdmo.local:Multidimensional xxxxdmo\svcMyService
After setting the SPN for this service account I added this account(xxxxdmo\svcMyService) in the delegation tab of my domain account created earlier for claim service (xxxxdmo\svcC2WTS). Now in service type it shows -> MSOLAPSvc.3, User or Computer it shows
-> XXXXAPPV01APPV01.xxxxdmo.local and in Port it shows -> Multidimensional. This is in my svcC2WTS account delegation tab. Still I am not able to connect datasource by "Windows authentication(integrated) or SharePoint User". I am getting the
same error "Cannot convert claims identity to windows token".
I am not sure what am I missing in this configuration piece yet to get this working.
Palash

HOW TO CREATE WINDOWS AUTHENTICATION USER IN SQL SERVER AFTER INSTALLING SQL SERVER 2008

I had an error while executing asp.net appcation from IIS as follows
Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.
Description:
An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.
[SqlException (0x80131904): Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.]
Can the above problem be solved by CREATING WINDOWS AUTHENTICATION LOGIN FOR
'IIS APPPOOL\ASP.NET v4.0' ?
If yes, how to create the login?
If no,what is the best possible solution?
Please reply as soon as possible as i am unable to run my project which I had done in my lab,in my home system.

Hi Praveen,
To fix this issue, you need to change the Identity of your website's Application Pool to use the
NetworkService account (or the less secure LocalSystem account). By default, IIS7 seems to set the Application Pools Identity to 'ApplicationPoolIdentity' instead of NetworkService or LocalSystem.
Here's a step-by-step guide for determining your websites Application Pool, then changing its Process Model Idenitty in IIS7:
1.Open Internet Information Services (IIS) Manger.
2.In the Connections sidebar, drill down into Default Web Site and click on your website.
3.Now in the Actions sidebar (on right side), click on Advance Settings... In the popup box, under General you will see your Application Pool listed for your website (in my case the app pool is: ASP.NET V4.0).
4.Click Cancel... If you choose, you can change the Application Pool here, but for the sake of this example we just wanted to find out what the website's App Pool was.
Then change the app pool's (Process Model) Identity to 'NetworkService', the steps are showed as below:
1.Open Internet Information Services (IIS) Manger.
2.In the Connections sidebar, click on Application Pools.
3.Now right-click on theApplication Pool that your website is using (in this case my site is using the ASP.NET v4.0 application pool), and select Advanced Settings... from the menu.
4.In the Advanced Settings pop-up box, locate the Process Model -> Identity section and click on the Application Pool Identity.
5.In the Application Pool Identity pop-up box, change the Built-in account to NetworkService (or if you want LocalSystem), then click OK, and click OK again to save your Advanced Settings changes.
Hope this helps.
Best Regards,
Peja
Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Windows authentication

Similar Messages

Maybe you are looking for