How to enable Auto Logon User Authentication for Google Chrome
Recently I’ve been playing around with IdentityServer4 doing a spike for work to see if we can use it to remove the tight coupling of a ASP.NET Core MVC and Web API application to Windows Authentication (on-premise Active Directory).
This is a screenshot of the demo MVC app I’m using for the spike. You can see it has a section named “Secure” which requires authorization to open.
I configured Windows Authentation as an external authentation provider and I was able to get to the point where when I hit a secured section of the MVC application I would be routed to IdentityServer4 and I could click the Windows authentication button and then login using my Windows credentials.
This is a screenshot of IdentityServer4 showing the Windows authentation button.
This is where I discovered that when using Chrome I would always be initially prompted for my credentials however in IE/Edge I would be automatically logged in without being prompted. After some research I identified that there is some extra configuration you need to do for Chrome to automically log you in with your Windows credentials without being prompted.
There currently appears to be four ways of configuring Chrome for Windows Integrated Authentication:
1. Add the site into the Local intranet site list in IE.
This is probably the easiest solution for dev and/or for a small set of manually managed machines. You do need to note that this is user profile wide so it will affect other sites that share the same URL.
You can follow the instructions here.
2. Add some command line arguments when launching Chrome.
This is a useful option if you have the ability to easily share a batch script or shortcut with the users and/or you want to be able to quickly be able to enable/disable this. For instance I configured Visual Studio to launch Chrome while debugging with these extra paramters as most of the time I just want to use my account. If I need to login using a differant set of Windows credentials then I will use a normal Chrome window.
This is an example of the command you would use:
Chrome.exe –auth-server-whitelist=”MYIISSERVER.DOMAIN.COM” –auth-negotiate-delegatewhitelist=”MYIISSERVER.DOMAIN.COM” –auth-schemes=”digest,ntlm,negotiate”
3. Edit the registry
This option is useful for deploying to a set of machines where the organisation is already using Group Policy for managing their machines.
You can find the instructions for this here under the “To modify the registry to configure Google Chrome” heading.
4. Use ADM/ADMX templates through Group Policy
This option is useful deploying to a set of machines where the organisation is already manaing Chrome/Chromiom configuration using Group Policy.
You can find the instructions for this here under the “To use ADM/ADMX templates through Group Policy to configure Google Chrome” heading.
References:
https://specopssoft.com/blog/configuring-chrome-and-firefox-for-windows-integrated-authentication/
Subscribe to Ashley Hollis
Get the latest posts delivered right to your inbox