I am running AJAX with an application that uses IIS Authentication. While this poses no issues with Internet Explorer, when used with Firefox it pops up a window asking for a user name and password. This is expected once when loading the page, but it asks for it every time something to do with AJAX is used (and never seems to stop).
This seems to render pages with AJAX useless when IIS authentication is used.
Has anyone encountered this problem? Any workarounds?
(IIS Authentication is where one must be logged in with a Windows/NT account - so is good for workplaces, LANs where internal applications are involed.)
That's because firefox doesn't hold on to your password, and go ahead and
re-try it a few times whenever it gets a challenge from the webserver (IE
does). But if it's internal-only application, you can require IE-only,
can't you? Also make sure that none of that client-server
challenge/response traffic is moving through your edge routers, because it's
travelling over the network in plain-text.
... HH
On 11/22/05, Dean <dean.cumm...@det.nsw.edu.au> wrote:
> I am running AJAX with an application that uses IIS Authentication.
> While this poses no issues with Internet Explorer, when used with
> Firefox it pops up a window asking for a user name and password. This
> is expected once when loading the page, but it asks for it every time
> something to do with AJAX is used (and never seems to stop).
> This seems to render pages with AJAX useless when IIS authentication is
> used.
> Has anyone encountered this problem? Any workarounds?
> (IIS Authentication is where one must be logged in with a Windows/NT
> account - so is good for workplaces, LANs where internal applications
> are involed.)
> Thanks,
> Dean
--
====================================================
I would rather be exposed to the inconveniences attending too much liberty
than to those attending too small a degree of it.
- Thomas Jefferson
Well yes, it is internal but it would also be good to make it work cross browser. I have written some custom ajax script which only asks for the password once (so works as expected), so was wondering if it was a AJAX-pro specific issue (that it cannot work without IE when IIS auth. is turned on)
AJAX doesn't seem to work on a MAC either - can anyone verify this?
________________________________
From: ajaxpro@googlegroups.com [mailto:ajaxpro@googlegroups.com] On
Behalf Of Harry Holt
Sent: Wednesday, 23 November 2005 03:38
To: ajaxpro@googlegroups.com
Subject: [ajaxpro] Re: IIS Authentication (windows) and AJAX
That's because firefox doesn't hold on to your password, and go ahead
and re-try it a few times whenever it gets a challenge from the
webserver (IE does). But if it's internal-only application, you can
require IE-only, can't you? Also make sure that none of that
client-server challenge/response traffic is moving through your edge
routers, because it's travelling over the network in plain-text.
... HH
On 11/22/05, Dean <dean.cumm...@det.nsw.edu.au> wrote:
Hi,
I am running AJAX with an application that uses IIS Authentication.
While this poses no issues with Internet Explorer, when used with
Firefox it pops up a window asking for a user name and password. This is expected once when loading the page, but it asks for it every time
something to do with AJAX is used (and never seems to stop).
This seems to render pages with AJAX useless when IIS authentication is
used.
Has anyone encountered this problem? Any workarounds?
(IIS Authentication is where one must be logged in with a Windows/NT
account - so is good for workplaces, LANs where internal applications
are involed.)
Thanks,
Dean
-- ====================================================
I would rather be exposed to the inconveniences attending too much
liberty than to those attending too small a degree of it. - Thomas Jefferson
**********************************************************************
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**********************************************************************
I had the same issue... Firefox constantly asking for username/password. Sometimes I can get an Ajax call or two through but even if I do, it'll break eventually. I upgraded from VS 2003 and Ajax.NET to VS 2005 and Ajax.NET Pro ... and Firefox's ability to handle the NT auth broke somewhere inbetween. It's crucial that my web app use IIS and have the ability to read the windows NT logon info .... to get IE or Firefox to return that info, IIS must have anonymous access disabled and NT info enabled ... which is where the Firefox issue occurs ...Enabling both doesn't work because IIS defaults to anonymous as it's first verification method (no idea why). I've yet to find a solution/work around/etc ... I'd really appreciate it if anyone with any knowledge on the subject could help us out.
frasche...@gmail.com wrote: > I had the same issue... Firefox constantly asking for > username/password. Sometimes I can get an Ajax call or two through but > even if I do, it'll break eventually. > I upgraded from VS 2003 and Ajax.NET to VS 2005 and Ajax.NET Pro ... > and Firefox's ability to handle the NT auth broke somewhere inbetween. > It's crucial that my web app use IIS and have the ability to read the > windows NT logon info .... to get IE or Firefox to return that info, > IIS must have anonymous access disabled and NT info enabled ... which > is where the Firefox issue occurs ...Enabling both doesn't work because > IIS defaults to anonymous as it's first verification method (no idea > why). I've yet to find a solution/work around/etc ... I'd really > appreciate it if anyone with any knowledge on the subject could help us > out.
> -Chris Fraschetti
Actually, i also have the same problem... it seem to me that firefox cannot handle AJAX request as a single session while waiting for the callback method when we enable "Digest Authentication through LDAP or Windows Domain". I think firefox expert might help us in this issue.
have you tried to set the lmauth in about:config on firefox? 1. type about:config in url field 2. search for variable network.automatic-ntlm-auth.trusted-uris 3. set the value to a comma separated field of the servers you want to allow windows authentification on
yes, I have done this... the problem occurs when I develop both remotely and locally.. I've tried adding every combination of hostname that firefox might resolve the host to... localhost and hostname alike... I'm actually glad the firefox ntlm uri solution didn't work.. it would certainly not be acceptable to tell my customers to do as such.
interesting. can any firefox experts out there shed any light on this? and/or anyone familiar with the Ajax.NET Pro code tell me the consequences of removing this header? If removing it seems to work, why is it even used?
