I'm able to authenticate using AD credentials and the requested page loads fine, but IIS is re-requesting authentication for every page change or page refresh.
If this is normal behavior for this type of authentication, what would be a better way to authenticate to prevent requesting of credentials for every page change/refresh?
I've setup a very simple test application with page1.html that has a link to page2.html. When clicking the link to page2, I'm asked again for credentials. I created a folder called test1 and in the IIS Manager I did a "Convert to application" using the DefaultAppPool. I disabled Anonymous Authentication and enabled Digest Authentication, and removed the default Authorization Rule and added an Allow for mydomain\testgroup, all from the IIS Manager.
The directory structure is:
c:\inetpub\wwwroot\test1
------------------- page1.html
------------------- page2.html
------------------- web.config
And the contents of the web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" roles="mydomain\testgroup" />
</authorization>
</security>
</system.webServer>
</configuration>
UPDATE: If I toggle the Authentication method from Digest to Basic, everything works as it should and I can navigate between the pages in the application. Why is Digest causing it to ask for credentials each page change?
0 Answers