| Applies To | |||
| Product(s): | ProjectWise Web Server | ||
| Version(s): | 08.11.11.111 | ||
| Environment: | Windows Server 2008 R2 | ||
| Area: | Installation / Deployment | ||
| Subarea: | |||
| Original Author: | Vickie Hewitt, Bentley Technical Support Group | ||
When using Single Sign On Delegate User with Windows authentication in ProjectWise Web parts the web site opens correctly, but selecting Use Single Sign-On results in getting a machine login instead. Error 401 access denied is seen in the logs.
IIS is failing to use both methods of Authenitication (Negotiate and NTLM) when authenticating with Kerbos.
Kerbos is a computer network authentication protocol that is used as a ticket basis to allow communication over a network (non-secure)
How IIS uses NTLM protocol and Kerbos protocol: http://support.microsoft.com/kb/215383
ASP.NET 2.0 Authentication Explained: http://msdn.microsoft.com/en-us/library/aa480475.aspx
If the Providers selection is not available under Windows Authentication it is possible to add the order manually in configuration file. Please locate the file:
C:\Windows\System32\inetsrv\config\applicationHost.config
Then find the Web Site that is causing issue and add the Providers order:
<location path="Default Web Site">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="true" />
<windowsAuthentication>
<providers>
<clear />
<add value="NTLM" />
<add value="Negotiate" />
</providers>
</windowsAuthentication>
</authentication>
</security>
</system.webServer>
</location>
==================================================================