Automatic NTLM Logon for ASP.Net, TFS SharePoint...

New Download Links
New Download Links


Automatic NTLM Logon for ASP.Net, TFS SharePoint... Team start using PartNTLM Authentication for websites is a great addition to the bat-belt when writing ASP.Net sites. Additionally it is also a great to have support for it in Team Foundation SharePoint portals. However as great as having support for NTLM authentication may be, having to enter re-enter your credentials when surfing Intranet or Extranet sites can be an annoyance that is just not worth it.Anyone who has used SharePoint or TFS portal on a properly setup network will attest that simply being able to visit the site for it to authenticate you is a massive finishing touch. This same nicety applies the same to a custom built ASP.Net extranet simply “knowing” who you are. As Steve Jobs would put it“… It just works …”And although i don’t always see eye to eye with Monsieur Jobs – i agree with him on this. Automatic sign-in is how you want your sites to run.So why doesn’t this work straight out the box?This has a little bit to do with security on the web at large – or more the fact that everyone, be they American Phanphobic Citizens or not, lives their life on the web in fear.Internet Explorer not having a history of being the tightest browser of all, security wise, runs out of the box with no Trusted Sites . Therefore by default it won’t automatically hand out your login token to just any site. FireFox is pretty much the same in it’s assumption that there is more nasties than goodies out there.A lot of people don’t even know that FireFox can support NTLM – but it does, just not by default.What we need to do to remedy these two browsers’ situation, is to add the sites you want to be automatically logged into, to their list of Trusted sites, and you can do this one of two ways. Internet Explorer Local Machine Trusted Sites SetupSo you may not have a domain, with an Active Directory Server to do your bidding turn off internet explorer enhanced security configuration gpo. Don’t worry though, as this is just as easy to setup on your local machine. If you’re on a domain, you’ll need to complete the following on your active directory server before skipping to the next section anyway.Open IE on your local computer and open TOOLS INTERNET OPTIONS, then choose the Security tab up the top.Click on the ‘Local Intranet’ icon, and then click the Sites button to open the list of Trusted Sites for the Intranet zone.If you’re in IE 6-7 This will simply open the list, If you’re in IE 8 it will show the window below. Click Advanced.If your site ASP.Net, SharePoint or TFS site is not on an HTTPS connection (I'm assuming it isn’t) un-tick the box marked “ Require secure connection”, and then enter your site’s address in the box turn off internet explorer enhanced security configuration gpo. Then click Add. Do this for every site you want to have automatic sign-on for and then click closeNow back at the main settings screen, make sure the intranet zone is still selected and click the custom level button. On the next screen scroll right to the bottom and make sure that under User Authentication Logon, that the option Automatic Logon, only in Intranet Zone is selected.Close by clicking OK, and you’re done! Internet Explorer Domain Group Policy Trusted Sites SetupIf you’re on a domain, and want to allow all your users to have automatic sign-on, Group Policy is your friend. If you don’t you’re already done.Login to your Active Directory Domain Controller, using a domain admin account, and perform the steps listed above to setup the local Internet Explorer settings on the server. You will want to repeat the following for two separate policies. One with Enhanced Security Configuration turned on, and one with it turned off, so that you can support workstations with both configuration.To turn off Internet Explorer Enhanced Security Configuration on a Windows 2008 server do the following. Open up Server manager, scroll down to Security Configuration and click the link that says Configure IE ESCTurn it off for Administrators and close the windowOpen up Group Policy ManagementRight-click your domain name (or whichever OU contains the users you wish to apply this to), and create a new Policy by clicking “ Create a GPO in this domain, and link it here”. Give your new policy a name (preferably better than mine)Right click on your newly created policy and select EditOpen down to User Configuration Policies Windows Settings Internet Explorer Maintenance Security Security Zones and Content RatingsSelect “ Import the current security zones and privacy settings”When you select this option you will probably receive a warning about ‘Internet Explorer Enhanced Security Configuration’.This is why we disabled the enhanced configuration in step 3, so that this policy will apply to workstations without Enhanced security turned on. Click Continue.Close all open windows.The changes will take time to replicate through your AD topology, depending on your setup. You may see the changes take effect within 15 mins to an hour. If you have a Multi-site AD setup it may take a day or two. FireFox – Turning NTLM On Adding Trusted SitesThe first step to getting your FireFox Setup working with automatic sign-on is to turn NTLM on. As i said earlier, a lot of people don’t appear to even know this is possible.Open FireFox and type about:config in the address bar. Click I’ll be careful, I promise! to the warning and you’ll open the FireFox advanced configuration page.Search for ntlm by typing it into the filter box.Select the option network.ntlm.send-lm-response and double click it to toggle it to onNext double click the item marked network.automatic-ntlm-auth.trusted-uris in the next box enter each URL of your sites seperated by a comma – click OKClose the tab and you’re done! FireFox Domain Group Policy Trusted Sites SetupFirefox is Mozilla’s beast, and therefore what they say and do goes in the world of FireFox. Sadly this means that there is no clear cut way to setup group policy’s for FireFox.There is however a methods to Make it happen and it is to use Wet Dog Active Directory Tools from the following URL: for using it are sadly for another blog post though. If i led you on I'm sorry – but the post is coming soon. Related posts:ASP.Net ,SharePoint ,Team Foundation Server ,Browsers ,Sys Admin ,Active Directory ,Web securityRecent PostsWhen .gitignore stops being your friend - Debugging missing Git repository filesRunning Android apps on Windows Phone 10 previewSo you want your Team to start using Git? – Part 4: Team WorkflowsSo you want your Team to start using Git? – Part 3: More than just CommittingSo you want your Team to start using Git? – Part 2: Pushing it up SomewhereSo you want your Team to start using Git? – Part 1: Getting started101 Pedantic Programmer’s thoughts on Lenovo’s new ThinkPad X240Investigating ASP.Net Memory Dumps for Idiots (like Me)Who said building Visual Studio Extensions was hard?Html.AntiForgeryToken – Balancing Security with UsabilityWhy Bronze Medal Thinking Wins Every Time – Agile Development TeamsMake 2014 the year you unleash AwesomeSorrow and Elation – Why Reflection Isn't Always Your FriendDeconstructing the Azure Point-to-Site VPN for Command Line usageTesting connectivity to Microsoft SQL Server without any tools installed

Re: TCS has stopped working error when starting T... - Hewlett Packard Enterprise Community .

Automatic NTLM Logon for ASP.Net, TFS SharePoint... Team start using PartHi,We are trying to record the script in Ajax Tru Client - IE in LR 12.0 ver tool, but once we complete the flow recording and when we click on stop button an error message received asTCS has stopped working, so the we closed the Develop Script session.When I select the Develop Script button again, I get the error stating:HP Virtual User GeneratorA communiction error occurred between the TruClient browser and Vugen. Close the TruClient broswer if it is open and click the Develop Script button to restart the TruClient browser. If the browser is already closed, restart VuGen.The issue is similar to the case as below: rum/TCS-has-stopped-working-quot-error-when-starti ...But there is no issue resolution above ticket.

Let me know if I need to raise a SAID ticket for this...?Thanks,PrasannaHi Hameed,I tried disabling the Group Policy (I have Admin Rights) but the disable changes were not reflected.We have reached to admin and as per him the user who disables the Group Policy, company network will force settings to default which is enabled. Eventhough if we disable the Group Policy then the user will not be able to access the Application under test, ( GP disabled then App/AUT will not work)...I have also checked the UAC status which was already disabled and was recorded the AUT in IE9 itself....Please suggest some other solution if any...However, updating the LR 12.0 to 12.02 will it help....?Thanks,Prasanna

  • Desparately need help removing IE Enhanced Security .

    x64 Win2003 Terminal Server Hello, I want to With MS tech support help, we figured out that IE7 and the enhanced security configuration was By default, administrators can enable or disable Internet Explorer Enhanced Security Group Policy specifies a particular setting (for example, Internet Explorer Enhanced 

  • Exporting Internet Explorer settings...

    6 Jun 2014 Once you have configured your Internet Explorer (IE) settings on a in the Internet Explorer Enhanced Security Configuration dialog box. a.

  • Active Directory 2008 : Implementing Group Policy (part...

    23 Aug 2013 Right-click the Group Policy Objects Container in the console tree and If you have Internet Explorer Enhanced Security Configuration (IE ESC) the Screen Saver Timeout link, open Server Manager and disable IE ESC.

  • Automatic prompting for file downloads missing in ie9...

    12 Sep 2015 Ie9-to turn off the info bar for file downloads - tech support forum Re: Internet explorer security zones registry entries for advanced users.

  • Adding URLs to Internet Explorer...

    2 Sep 2011 Adding URLs to Internet Explorer Security Zones with Group Policy Preferences the appropriate settings in the user section of the registry.