Redirected WebAccess Site does not accept automatic windows authentication.

replied on June 5, 2014

Internet explorer will automatically authenticate you if the site is trusted. When you go to http://machine, IE presumes that this in an intranet site and is therefore trusted. With an IP address or a FQDN it defaults to untrusted, and brings up the dialog you see when the server requests authentication. You should be able to manually add the site to the trusted zone, and I imagine this is something that could be pushed out via group policy. See this MS KB article.

1 0

View 3 previous replies

replied on June 10, 2014

Brian,

We have put the https://laserfiche.clientdomain.com and also the *.clientdomain.com in the trusted zone for the redirected address and it still pops up with the login. We have confirmed that the site has been recognized as a local intranet zone site. Any thoughts?

image001.png (19.2 KB)

| Download

0 0

replied on June 10, 2014

I have a similar configuration currently working on my machine, and the document properties look the same (zone: local intranet). At this point, I would try with Firefox (which has a different way of managing the win auth white list) and see if there's a difference there. Also, IE developer tools will show you the http request/response, which can show the difference between your browser not automatically sending any credentials and the server rejecting the credentials it gets, since it's possible this is a problem with the server configuration. For that, you want to see if there are any authentication headers in the request.

0 0

replied on June 12, 2014

As per the client, firefox did not work. If it was a server config issue i would assume that it would happen on both the internal address and also the redirected address. Since its only doing it on the redirected address i would assume that it would be either in IIS or a DNS issue. Im at a loss right now.

0 0

replied on June 12, 2014

Just to clarify your setup, what exactly do you mean by a "redirected URL"? Is this different from a DNS alias? What problem is the redirected URL supposed to solve for you?

You've said that https://servername/laserfiche works and https://laserfiche.clientdomain.com/laserfiche doesn't work. What about

https://servername.clientdomain.com/laserfiche?

0 0

replied on June 13, 2014

Yes they are using a DNS alias. I actually recreated the issue in a test lab. And I actually saw something funny going on in the IE developer tools.

In the picture there are 2 blue highlighted sections. First one is going to the alias http://laserfiche.laserfiche.local. As you can see, something happens and it looses the http://laserfiche.laserfiche.local part on line 3 and then asks for authentication again.

And if you look at the http://2012lfweb it goes thru the whole process without loosing the http://2012lfweb header in the url.

Untitled.jpg (307.42 KB)

| Download

0 0

replied on June 13, 2014

I actually think the URLs on the top part of the screen are what you should expect. Those resources are referenced by relative URLs in the page, and in my experience that what determines the value for that column. I don't know why it acts differently with the other host name, but I wouldn't take that behavior to correlate with the problem you are encountering.

IE developer tools isn't notified of authentication errors so your screenshot doesn't capture what request caused the authentication box to come up. You're sure it was the third request that triggered it? In the default configuration, Web Access doesn't require authentication for static content like css files. Can you verify that the /laserfiche virtual directory allows anonymous access?

0 0

Question

Question

Redirected WebAccess Site does not accept automatic windows authentication.

Replies

Sign in to reply to this post.