Hi Rick,
Tossing this out here in case you can provide some insight. We maintain a stage version of our WWC application that is only available on the internal corporate network. On that site, I have Windows (and Basic) Auth enabled. When I go to the site, I get the Windows auth prompt as expected. I enter my domain creds and everything works as expected. When my domain session expires, I get prompted again. However, I have a (relatively) new member of my team and no matter what she does, we can't seem to get the domain authenticate to succeed. We're trying this in both a Windows VM and a Mac. Any pointers?
TIA
If it works for you but not for her I'd suspect the account. Can you have her log in from your machine with her credentials or vice versa?
My suspiscion is that the domain account is not validating. Also if you use a domain account and that account doesn't exist on the server the permissions in the configuration need to reflect that domain in the name (ie. domain\username) if you are explicitly referencing user names or groups.
+++ Rick ---
One of these things is not like the other... 😃
It's a bit of a mystery. She uses the same creds to successfully log onto the VM as well as our corporate VPN client. It's only failing from the WWC auth call. The IIS log just has the 401. Maybe there's some way I can step through that code...
I assume you're talking about the Administration login to Web Connection Admin page since that's the only thing using Windows auth?
You can't step through that code because it's the DLL code - it's handled internally by the Web Connection module. Check the log file in the Web Connection temp folder, and see if you get any hint on the account info that's trying to log in. The IIS logs also will have account info in the IIS request logs.
The difference could be local vs. domain account. It's possible the Application Pool Identity account doesn't have rights to work with domain accounts?
Generally for the Admin interface I recommend that you use local accounts only - that is more reliable in validation, but also limits access to only those accounts you've explicitly set up for validation on the admin interface (which should be very few people). Alternately set up a shared admin account that can be used to log into the Administration page.
+++ Rick ---
Nope. Sorry if that wasn't clear. I have Windows Auth enabled in IIS so that only people who are part of our domain can access the site.
I gave her an alternate account to auth with and that worked. So it's definitely something wonky with her account but trying to figure out what that is without a proper Windows admin is a challenge.
