
IIS Windows Authentication - Change User - issue with IIS 8.5

Note: The below issue only occurs in IE 11, and works fine with Chrome.

In our intranet we are set up to use purely Windows authentication for all our web applications. The setup consists of a home page web app and a few other web applications linked from the home page; each application and the home page are in separate application pools. We have implemented Change User functionality using the standard 401 redirects as mentioned at 'Login as another user' MVC 4 Windows Authentication.

The current hosting server is Windows Server 2008 R2 and we are doing our due diligence for migrating to Windows Server 2012 R2.

During testing we found that the Change User functionality works fine on the home page, but when accessing any other app the logged-in user reverts to the original logged-in user. The links are opened in a new tab by using target='_blank' from the home page.

Same application hosted on Windows 2008 R2 functions as expected and the Changed User is reflected on the other web applications as well.

I have tried googling without finding any matching experience. Is this a known issue, and are there any workarounds to fix it?

Sample setup and output:

Windows Server 2008 R2 (IIS 7.5)

╔═══════════╦══════════════════════╦═══════════════════════╗
║ Time-Step ║     Url-Location     ║     Current-User      ║
╠═══════════╬══════════════════════╬═══════════════════════╣
║         1 ║ /HomePage            ║ MyDomain\OriginalUser ║
║         2 ║ /HomePage/ChangeUser ║ MyDomain\NewUser      ║
║         3 ║ /MyApp               ║ MyDomain\NewUser      ║
╚═══════════╩══════════════════════╩═══════════════════════╝

Windows Server 2012 R2 (IIS 8.5)

╔═══════════╦══════════════════════╦═══════════════════════╗
║ Time-Step ║     Url-Location     ║     Current-User      ║
╠═══════════╬══════════════════════╬═══════════════════════╣
║         1 ║ /HomePage            ║ MyDomain\OriginalUser ║
║         2 ║ /HomePage/ChangeUser ║ MyDomain\NewUser      ║
║         3 ║ /MyApp               ║ MyDomain\OriginalUser ║
╚═══════════╩══════════════════════╩═══════════════════════╝

The current user information is accessed using User.Identity.Name.

Solved: The order of the providers in Windows authentication matters. The issue was solved once we moved NTLM above Negotiate in the providers list.
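
The provider order described in the fix above, written as the IIS configuration section it corresponds to. This is an added example, not configuration from the original post; it assumes the section is edited in applicationHost.config (or in web.config if the windowsAuthentication section has been unlocked for the site).

```xml
<system.webServer>
  <security>
    <authentication>
      <windowsAuthentication enabled="true">
        <providers>
          <!-- IIS default order, for comparison:
                 <add value="Negotiate" />
                 <add value="NTLM" />
               The server emits one WWW-Authenticate header per provider,
               in the order listed here. -->
          <clear />
          <!-- Order reported in the post as resolving the issue:
               NTLM listed above Negotiate. -->
          <add value="NTLM" />
          <add value="Negotiate" />
        </providers>
      </windowsAuthentication>
    </authentication>
  </security>
</system.webServer>
```

Because the server advertises the schemes in this order, listing NTLM first generally means clients authenticate with NTLM instead of Kerberos. Check whether anything on the server depends on Kerberos (for example, delegation to back-end services) before applying the same order to every application.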
