Avoid entering local network credentials in Http #1435
Comments
|
Some clarification: my mate means that the users get a form from the browser to introduce their Windows' credentials. This is even before the user decided to use single sign on with Windows. It could be that they decide to use a username / password combination that we stored in our database. |
|
I suggest using https throughout. When using mixed http and https configurations subtle behavior differences are known to happen. Finding out the cause of your problem might take a lot of time that could imo be better spend on configuring https on test. |
|
We completely agree with you and our customers install https anyways. Our hope was that this could be something that Duende already knows and where a workaround could be available. Months ago we were using the open source IdentityServer over the http.sys implementation and we didn't have this issues (or it didn't happen so often). Now we upgraded to Duende's IdentityServer using Kestrel and the form displays every time we access it |
|
Can you please show us the code where you configured Windows authentication? |
Which version of Duende IdentityServer are you using?
We are using the version 7.0.6
Which version of .NET are you using?
We are using the version 8.0.204
On a local network, if our clients do not have the web application configured to use https, every time they want to connect to Duende to log in, they will have to enter local credentials to allow the browser to connect to the application in a server in the local network.
We want to know if it is possible to add some configuration in duende to avoid requiring these credentials in installations that are not configured to use https on local networks.
Best regards
The text was updated successfully, but these errors were encountered: