You are viewing limited content. For full access, please sign in.

Question

Question

Web Access - Getting prompts to enter Windows credentials when accessed externally

Web Client
Updated December 8, 2015
asked on November 25, 2015

A Client of ours is encountering an issue when attempting to access Web Access through an external URL with Windows Authentication. When Client navigates to Web Access using their public URL, https://abc.def.com/laserfiche  and checks the box to use Windows Authentication to login, then clicks login, another dialog comes up prompting for credentials. This prompts keeps coming up even if user repeated enters their Windows credentials. They are unable to login.

Using Laserfiche Accounts, they are able to login successfully.

If user connects to the same Web Access page using the local (intranet) URL, https://<servername>/laserfiche  checking the box to use Windows Authentication, they are able to login successfully without any additional prompts.

Laserfiche Server and Web Access are on the same box. The same issue is encountered regardless of Internet Browser used or from which machine it is being accessed.

Any ideas on this issue?

 

0 0

Replies

replied on November 25, 2015

This is normal and by design. This article outlines it pretty well. There are ways around it, but for security reasons, not recommended.

1 0
replied on November 27, 2015

Chris, thanks for the response.

 

This has been working before according to Client. Also, there are few other Clients set-up this way and they don't encounter this message.

0 0
replied on December 8, 2015

I would check the other clients configuration and in IE, have them check their "Intranet Zones" to see if the laserfiche surver url is added there. This is one way around the "login prompt". This setting in IE can be managed using GPO, and once added, the other browsers will respect it as well.

0 0
replied on December 8, 2015

Make changes to the Intranet site settings didn't resolve the issue.

Users can login using Windows Authentication when they use the local URL (intranet) address of the LF Web Access.

The issue for the prompt occurs when they try connecting using an external URL.

I have also given the Everyone users full access to the Web Access install directory.

0 0
replied on November 30, 2015

If the users enter their names with the domain specifically prefixed (as "domain\username"), does it work then?  If you look in the IIS logs on the Web Access machine, you should see login requests that are returning 401 status codes.  In those rows, is there an identity recorded, or is that column blank?  Can you double-check that Windows authentication is enabled for the /Laserfiche virtual directory?

0 0
View 2 previous replies
replied on December 8, 2015

Brian,

When users enter their names with the domain specifically prefixed (as "domain\username"), it works.

I looked at at the IIS logs but didn't see any 401 errors.

Windows Authentication is enabled for the /Laserfiche Virtual directory.

Also when I use a domain admin account at the second prompt, that lets me in but not with a non-domain admin account.

 

 

0 0
replied on December 8, 2015

For it working with only domain admins, you're probably seeing a bug that was fixed in 9.0.  Prior to that release, the method we used for Windows authentication required that the user have rights to log on to the WebLink machine.  You can either upgrade or give your users that right.

0 0
replied on December 8, 2015

The Web Access version is 9.2.0.67

0 0
replied on December 8, 2015

Seems as the credentials are not passing through. This is what I was able to gather from the logs when attempted:

13:41:06.611 [13856]    LFSession::Initialize
13:41:06.611 [13856]     LFAuthData::LFAuthData
13:41:06.611 [13856]    LFSession::Login
13:41:06.611 [13856]    DoLogin server='localhost:80' repository='' user=''
13:41:06.611 [13856]     InternalDoLogin

0 0
replied on December 8, 2015

The IIS logs are indicating what looks like 401 errors. Not sure this is what you meant earlier.

 

Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko 200 0 0 61
2015-12-08 18:32:40 192.168.1.14 POST /laserfiche/Login.aspx db=ClientRepository 80 - 192.168.1.250 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko 401 0 0 37
2015-12-08 18:32:40 192.168.1.14 POST /laserfiche/Login.aspx db=ClientRepository 80 - 192.168.1.250 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko 401 1 3221225581 5
2015-12-08 18:36:56 192.168.1.14 GET /favicon.ico - 80 - 192.168.1.250 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko 404 0 2 3
 

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...