Strange Firefox behavior on an Asp.Net application

i'm developing an Asp.Net application who try to connect to an active directory to login. I know i'm not using the "best practice" to do this, so i attach my source code inside the "Default.vb":

Dim User As System.Security.Principal.IPrincipal

Dim username As String

User = System.Web.HttpContext.Current.User

username =User.Identity.Name

If User.Identity.IsAuthenticated Then

'ok do something

else 'do someothers

end if开发者_JAVA技巧

When i use Chrome and Internet Explorer is all ok: automatically the user is signed as "logged". But if i open Firefox it ask username and password with his "internal" inputbox ... i don't know how to explain... firefox ask for a user and a password: if i enter my active directory username and password (for example, i enter user: MYCOMPANYDOMAIN\stighy) , then i enter...

So .. i'm doing something wrong ?

By default firefox will not automatically send NTLM credentials.

However it is possible to override this via the browser settings.

In most cases it is not practical to change peoples settings.

However if you are developing a intranet based application, it may be feasible for you to change on client machines that you need to. And I have heard that you can change the settings en masse using a group policy.

Here is something to get you started http://support.mozilla.com/en-US/kb/Firefox%20asks%20for%20user%20name%20and%20password%20on%20internal%20sites

It appears that the page isn't maintained, so I can't vouch for it.

However I have changed these settings before myself (thought sorry I can't find the exact tutorial I used).

It's because of the implementation of NTLM in Firefox.

When you connect to a site using integrated auth, the server first responds with a 401 and a authenticate header identifying what auth methods it supports. Your browser can react to this in a number of ways. With integrated auth, there are actually 2 methods that do the same thing in slightly different ways.

IE uses Kerberos, because, well it's Microsoft. This is method uses only 1 round trip. Your browser responds to the challenge it got above with a token. This token is all the server needs to figure you out and let you in.

In Firefox they use the older, but better documented NTLM. Firefox asks the server for a challenge which the server responds to. Firefox then needs your username & password to asnswer this callenge and the only way to get this is to ask the user.

It then responds to the challenge using an encrypted value based on your username & password. If this matches the challenge the server was expecting, you get authenticated.

I guess Chrome uses a method similar to IE so doesn't need to prompt you. Bottom line is you're not doing anything wrong & it's just the way it works. I would suggest reading up on Challenge/Response passwords if you want to find out more.

Simon