none
Sign in prompt

    Question

  • Hi 

    Some users still get this prompt, when they access the Search WebApplication/sitecollection...  

    I'm site collection Owner and the http://search are in the trusted sites etc. in IE - also got the sign-in sometimes - No Load balancer in front - just one WFE Server with several WebApplications - and Search Webapplication is the only one prompting users... 

    What am I missing in the Search Webapplication?  

    Do I enable anonymous access - re-submit the Portal SuperReader/SuperUser accounts or grant special permissions to the search index location or what to do?  

    I've the same IIS settings as below in test environment - and that doesn't prompt 



    • Edited by JmATK Tuesday, April 25, 2017 6:12 AM
    Monday, April 24, 2017 5:15 AM

Answers

  • Think this is finally solved 

    The Search -> Style library was missing rights for the System Account 

    • Marked as answer by JmATK Tuesday, May 23, 2017 10:12 AM
    • Unmarked as answer by JmATK Tuesday, May 23, 2017 11:01 AM
    • Marked as answer by JmATK Wednesday, May 24, 2017 4:38 AM
    Tuesday, May 23, 2017 10:07 AM

All replies

  • Hi there,

    From the above picture it appears that Form based Authentication or ADFS is enabled in your environment for that web application

    You can verify this from Manage Web Applications > Select your webapp > Click on Authentication providers

    If there are no specific reasons why you enabled FBA\ADFS you can uncheck that option.

    Regards,

    Sunday, April 30, 2017 1:27 AM
  • Hi Vasile 

    Just installed it "OOTB" :)

    The settings on the WebApp is this: 

     and going into Default: 

    In the IIS there's this as well 

    I just need the Windows Authentification in the IIS in a Intranet scenario - correct? 

    Found this - and this is exactly my "issues" 

    https://blog.blksthl.com/2012/11/02/anonymous-authentication-always-on-in-sharepoint-2013/ 

    Read a lot of Authentication SP 2013 sites - but can't figure out why the 'Search' webApp is the only one that prompts the users - the setting in the users browser is 'correct' - and its under trusted sites and the IIS settings is similar on the various WebApps/sites.

    If I disable the form authentication in the IIS,  I get this:

    Just tried to see the ULS and when a user do a search it provides success 
    STS Call Claims Windows: Successfully requested sign-in claim identity for user contoso\username

     


    • Edited by JmATK Tuesday, May 2, 2017 6:06 AM
    Monday, May 1, 2017 5:26 AM
  • update 

    If I add Everyone in the User Policy for WebApp through CA (read permissions) - the sign in prompt is gone for those users ?!?!?!

    but it cannot be right that the Search WebApp  - as the only one in the farm - needs this, or?    

    Tuesday, May 2, 2017 6:13 AM
  • Hi,

    Please remove Read permission for everyone from User Policy in CA.

    Do this issue occur to all users? Or only occur to those who don’t have read permission for search site?

    In the following figure you provided, it provides two windows authentications, are they different?

    If you create a new web application with default settings, will this issue occur?

    Thanks,

    Dean Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Sunday, May 7, 2017 5:26 AM
    Moderator
  • Hi Dean 

    Ok - I'll remove everyone :)  

    Only for some - very random - already checked their IE settings, and they are correct

    Everyone are in the Search Visitor SP group (Specific AD group) and they have Read access

    Don't think they are different - havn't tried seleting the one in the bottom - and selecting the first one immediately re-directs the user and search results are shown..

    I can try to make a new - but its in production - and only the Search does this - no of the others WebApp does it..  

    Sunday, May 7, 2017 5:33 AM
  • think its solved - haven't heard that user experiences this anymore 
    • Marked as answer by JmATK Saturday, May 13, 2017 5:57 AM
    • Unmarked as answer by JmATK Thursday, May 18, 2017 11:20 AM
    Saturday, May 13, 2017 5:57 AM
  • Users still report they are getting this Sign-in prompt ....sigh! ! 

    Do I re apply the Portal user account? - do I strip the WebApp for all Authentificated users and re-apply this - do I build a new WebApp and Site Collection - what to do?  

    And why the H*"!! are there 2 windows authentication options in the dropdown and not a Forms authentication and windows ? 


    • Edited by JmATK Thursday, May 18, 2017 11:57 AM
    Thursday, May 18, 2017 11:24 AM
  • Hi,

    Please try to use Fiddler to monitor the Sing In process to figure out which causes this.

    And also check ULS logs (enable verbose).

    Instead of building a new web application, you need to monitor the Sign In process to see if anything went wrong.

    Best Regards,

    Dean Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, May 22, 2017 1:47 AM
    Moderator
  • Hi Dean 

    Just tried to do a search from http://portal (with keyword sharepoint) which sends me to http://search

    - and I got the login prompt myself :) 

    So went back started fiddler and this is the result 

    Request headers: 

    401 - POST /_api/contextinfo HTTP/1.1

    200 - POST /_api/contextinfo HTTP/1.1

    200 - POST /_vti_bin/client.svc/ProcessQuery HTTP/1.1

    302 - GET /Pages/results.aspx?k=sharepoint HTTP/1.1

    302 - GET /_layouts/15/Authenticate.aspx?Source=%2FPages%2Fresults%2Easpx%3Fk%3Dsharepoint HTTP/1.1 

    200 - GET /_login/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252FPages%252Fresults%252Easpx%253Fk%253Dsharepoint&Source=%2FPages%2Fresults%2Easpx%3Fk%3Dsharepoint HTTP/1.1

    • Edited by JmATK Monday, May 22, 2017 5:19 AM
    Monday, May 22, 2017 4:12 AM
  • should I set up anonymous access in the search webapplication in order to resolve this ?
    Monday, May 22, 2017 3:56 PM
  •  I need to solve this asap.... 

    the webconfig are using this on all WebApplications (Claims) 

      <httpRuntime maxRequestLength="51200" requestValidationMode="2.0" />
        <authentication mode="Forms">
          <forms loginUrl="/_login/default.aspx" />
        </authentication>
        <identity impersonate="true" />
        <authorization>
          <allow users="*" />
        </authorization>
        <httpModules>


    • Edited by JmATK Tuesday, May 23, 2017 10:03 AM
    Tuesday, May 23, 2017 7:35 AM
  • Think this is finally solved 

    The Search -> Style library was missing rights for the System Account 

    • Marked as answer by JmATK Tuesday, May 23, 2017 10:12 AM
    • Unmarked as answer by JmATK Tuesday, May 23, 2017 11:01 AM
    • Marked as answer by JmATK Wednesday, May 24, 2017 4:38 AM
    Tuesday, May 23, 2017 10:07 AM
  • Is there a way to check if the WebApplication/siteCollection have the right permissions set on various folders? 
    • Edited by JmATK Wednesday, May 24, 2017 4:38 AM
    Tuesday, May 23, 2017 11:01 AM
  • Hi JmATK,

    Basically the way for verifying folder permissions is to check the ULS log. SharePoint has lots of system folders, and it's difficult to manually check all the permissions. However, no matter whatever folder access issue happens, you can get the related information if you capture detailed log(VerboseEx level).

    Regarding the current issue, please use the command line below to check:

    Get-SPAuthenticationProvider -WebApplication http://sp13/ -Zone Default

    It will list all the authentication provider for your search web application. To workaround this issue, you can extend this web application to a new zone, and specify Windows Authentication only for the new zone. By doing this, you don't have to re-create the web application.

    By the way, It's the normal behavior to login once if SharePoint use NTLM authentication provider.

    Thanks,
    Reken Liu


    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    • Marked as answer by JmATK Wednesday, May 24, 2017 4:38 AM
    • Unmarked as answer by JmATK Monday, May 29, 2017 4:30 AM
    Tuesday, May 23, 2017 1:21 PM
    Moderator
  • Hi RekenLiu

    Thanks ;) 

    The Get-SPAuthentificationProvider returns this 

    Wednesday, May 24, 2017 5:25 AM
  • Hi Reken

    The sentence

    "By the way, It's the normal behavior to login once if SharePoint use NTLM authentication provider."

    puzzles me as all others Web Apps doesn't prompt users - so why just the search? - can I run this without NTML so the users doesn't get prompted?  


    Monday, May 29, 2017 4:26 AM