Comments on: Credentials Screening: Windows Authentication without a Login Dialog Box

By: Vladimir Kelman

Vladimir Kelman — Sun, 17 May 2009 05:39:33 +0000

Thank you Dimitri! Still, it was a nice way to check windows credentials without displaying automatic pop-up…
We implemented a dual login module (ASP.NET) which allows a user either submit username/password (standard “Forms” login) or to click on “Use Windows credentials” link which points to WinLogin.aspx file with windows authentication and disabled anonymous authentication. In case of a success WinLogin.aspx then uses windows username to perform Forms login. It all works nice with IIS (5.1, 6, 7), but I was thinking that your “credentials screening” (using XmlHttpRequest) would be a nice way to hide “Use Windows credentials” link from users who are outside of Windows domain. The only other way is just to check IP address of a user, which is less elegant.

Sorry for bothering you, I know you’re working for Google now… I’m writing this message using Chrome.

By: dglazkov

dglazkov — Sun, 17 May 2009 04:10:46 +0000

Guys, this article was written in 2004. This was the time when IE6 was the latest browser available from Microsoft and Facebook was just a twinkle in Zuckerberg’s eye. Lots of things have changed since then.

Please stop trying to make this old solution work

By: Vladimir Kelman

Vladimir Kelman — Sun, 17 May 2009 03:36:20 +0000

Unfortunately, the main promise of this article doesn’t work: a browser still displays that automatic pop-up asking for Windows credentials, in case user is not authenticated [yet]. Your trick with ActiveXObject(“Msxml2.DOMDocument”) (and I tried XmlHttpRequest too – obviously, no difference) does not allow a browser to silently fail. Obviously, a negotiation between browser and IIS server still happens and causes that automatic pop-up…

I’m currently using IIS7, but may be able to try it with IIS5.1. I doubt it matters, though.

Did you actually have it working in the past?

By: Vladimir Kelman

Vladimir Kelman — Thu, 14 May 2009 16:40:53 +0000

Unfortunately, the main promise of this article doesn’t work: a browser still displays that automatic pop-up asking for Windows credentials, in case user is not authenticated [yet]. That remote trick with ActiveXObject(“Msxml2.DOMDocument”) (and I tried XmlHttpRequest too – obviously, no difference) does not allow a browser to silently fail…

I’m currently using IIS7, but may be able to try it with IIS5.1. I doubt it matters, though.

Did you actually has it working?

By: salman

salman — Fri, 01 May 2009 22:21:56 +0000

Thanks

By: Giorgio

Giorgio — Mon, 26 Jan 2009 08:41:27 +0000

I try to download the example CredentialsScreening.zip, but the link is broken.

Kind Regards

Giorgio

By: Kevin

Kevin — Fri, 16 Jan 2009 16:46:21 +0000

Thank you so much. This is probably the cleanest solution to this problem I have seen yet. This should hold us over till we can get IIS 7 available.

By: Nir Raviv

Nir Raviv — Mon, 27 Oct 2008 12:35:12 +0000

Wow! it’s exactly what I was looking for.
I’m involve in a project which require “mix mode authentication” and I did struggle a lot the find a solution the the NTLM pop up dialog.

Do you know if a solution exits also for Firefox/ other browsers?

Thanks,
Nir

By: Wendy

Wendy — Mon, 13 Oct 2008 21:22:20 +0000

I try to download the example CredentialsScreening.zip, but showit this error:
Not Found
Sorry, but you are looking for something that isn’t here.

I would like to see it to learn more.

WMA.