Integrated Windows Auth not working on HTTPS site (works fine in IE)

[Steven G]

I have a couple intranet sites hosted on IIS7 that we use passthrough auth for, I'm transitioning one of them to requiring SSL since we're going to start using certain aspects of it over the internet, however when I access the site using it's https the passthrough auth isn't working in Chrome. 

I know Chrome's "intranet zone" allowing passthrough auth is tied to the settings for IE in internet control panel, but I tested it on two different PCs both with Chrome 35.x installed one with IE10 the other IE11, IE worked on both machines but Chrome wouldn't work on either. I can access the site using http in Chrome and have passthrough work just fine, I tried explicitly mapping the site's https address to the intranet zone both using group policy and manually adding it using the settings in internet control panel.

I would think it wouldn't make a difference accessing the site via http/https as long as Chrome sees it as an intranet site, or if it did make a difference https would be the preferred/required method. Has anyone else had issues using passthrough while accessing an https site?

[Chris Bentzel]

May help to move to a bug if you have more details.

> --
> --
> Chromium Discussion mailing list: chromium...@chromium.org
> View archives, change email options, or unsubscribe:
> http://groups.google.com/a/chromium.org/group/chromium-discuss
>

[Asanka Herath]

On Tue, Jul 8, 2014 at 9:07 AM, Chris Bentzel <cben...@chromium.org> wrote:

May help to move to a bug if you have more details.

On Mon, Jul 7, 2014 at 1:43 PM, Steven G <motox...@gmail.com> wrote:
> I have a couple intranet sites hosted on IIS7 that we use passthrough auth
> for, I'm transitioning one of them to requiring SSL since we're going to
> start using certain aspects of it over the internet, however when I access
> the site using it's https the passthrough auth isn't working in Chrome.
>
> I know Chrome's "intranet zone" allowing passthrough auth is tied to the
> settings for IE in internet control panel, but I tested it on two different
> PCs both with Chrome 35.x installed one with IE10 the other IE11, IE worked
> on both machines but Chrome wouldn't work on either. I can access the site
> using http in Chrome and have passthrough work just fine, I tried explicitly
> mapping the site's https address to the intranet zone both using group
> policy and manually adding it using the settings in internet control panel.
>
>
> I would think it wouldn't make a difference accessing the site via
> http/https as long as Chrome sees it as an intranet site, or if it did make
> a difference https would be the preferred/required method. Has anyone else
> had issues using passthrough while accessing an https site?

I believe this should work. Could you open an issue and attach a net-internals log (http://dev.chromium.org/for-testers/providing-network-details)? You can mention the bug on this thread.

[Steven G]

Asanka,

I opened an issues using "Tools>Report an Issue" and included a net-internals log a month ago as you requested, but I never received any response with a bug ID, and now things seem to have gotten worse. Chrome will not use Integrated Auth with any of our Internal sites now, I'm able to open them up in IE and have pass-through auth work without an issue and I confirmed that the URL does exist in the Local Intranet Sites list. Tested on v36.0.1985.125m

So I'm pretty much dead in the water right now and working on switching all the PCs that use the site over to using it in IE because I don't see another way around it.

[Steven G]

I figured out this is an IIS issue, I haven't figured out what exactly is causing it yet, but I deployed the VS2012 Web Forms Template website modified to use Windows Auth to the same IIS Server and had the same issue with the new test site. Then I made a new Server 2012R2 VM, installed IIS and deployed the same two sites and they both worked fine.

[Chris Bentzel]

Thanks!