Disable loginprompt

Vote:
 

Hi all

upgrade from 6r2 to CMS version 7.19.2

How do i disable the default login prompt from episerver?

I have several login pages for different extranets, ive made a handler to redirect to the right loginpage. but the default episerver comes in before my handler is executed.

Any idea?

Regards

#120059
Apr 09, 2015 12:26
Vote:
 

What you have in <authentication /> element in web.config?

#120061
Apr 09, 2015 13:42
Vote:
 
  <authentication mode="Forms">
      <forms name=".EPiServerLogin" loginUrl="templates/public/pages/common/login.ashx" timeout="1440" />
    </authentication>
#120062
Apr 09, 2015 13:45
Vote:
 

And the .ashx guy does redirect to correct login page based on extranet?

#120063
Apr 09, 2015 13:59
Vote:
 

yes, depanding on return-url it redirects to the right extranet. But the episerver default prompt is poping up before my ashx. isnt it any classic mode? with a loginpage?

#120064
Apr 09, 2015 14:05
Vote:
 

By episerver default prompt, do you mean the one at /util/login.aspx?

#120140
Apr 10, 2015 15:49
Vote:
 

Nope, it is a popup login prompt, like the one on windows login in web browsers, but in all browsers. is it just me? i thought that was the default prompt... is it an IIS thing?

#120141
Apr 10, 2015 15:53
Vote:
 

Yes, Windows Login prompt suggests you need to look at your IIS settings. You should have it set for Anonymous access.

It could also, depending on your other config, have something to with Permissions on disk.

If you run integrated mode you can't combine a HTTP Authentication login prompt with Forms Authentication. This worked on IIS6.

#120146
Apr 10, 2015 16:19
Vote:
 

It is really strange, i ve been looking all over my windows server 2012 configurations, i do have Forms authentication activated, and i do login in with the episerver membership credentials, and not any windows account. I do run the IIS AppPool as NetworkServices. Permissions on disk is set. I have this on dev, test and prod server. Im confused ...

#120228
Apr 13, 2015 21:59
Vote:
 

Maybe some other settings in web.config is causing popup window to show up. For instance <location> element defined for "templates" folder?

#120229
Apr 13, 2015 22:17
Vote:
 

by removing

<add name="BasicAuthentication" type="EPiServer.Security.BasicAuthentication, EPiServer" />

from web.config  <modules runAllManagedModulesForAllRequests="true">

Its working without prompt. what is EPiServer.Security.BasicAuthentication? legacy?

It seems that EPiServer.Security.BasicAuthentication is like two-level authentication using Forms Authentication and Windows Authentication.

#120294
Apr 14, 2015 18:00
Vote:
 

As far as I remember Basic authentication module was needed to support sending a basic authentication challenge instead of a redirect to the forms login page. So it actually decodes authentication from request header and tries to authenticate given user and password against membership providers. If successful - it issues FormsAuthentication cookie.

And what's most probably more interesting for your case - is that on request end it monitors response state,  and if form authentication is enabled and server sends back redirect to login page, this module intercepts that, sets reponse status to 401 and adds "WWW-Authenticate" header - which indicates Http basic authentication process to take place.

#120309
Apr 14, 2015 22:43
Vote:
 

You nailed it Valdis Iljuconoks

#120310
Apr 14, 2015 22:55
Vote:
 

For the record

<add name="BasicAuthentication" type="EPiServer.Security.BasicAuthentication, EPiServer" /> is still indeed working if you need to authenticate for example webservices.

Just remember to deactivate it on base path:

  <location path="">
      <episerver.basicAuthentication sendBasicChallenge="false" basicRealm="" />
  </location>

#121544
May 13, 2015 12:26
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.