Windows Authentication with Chrome and IIS

Recently I was tasked at work with creating a dashboard application for use on our intranet using ASP.Net MVC. Due to the need to track some user preferences, I set this up to use Windows Authentication so I would be automatically passed the credentials from the user’s Windows session. I developed the web app and tested it using IIS express on my local machine using both Internet Explorer and Google Chrome without issue. When it came time to deploy the site to our test cluster for some user feedback, this is where I discovered an issue around Windows Authentication with Chrome and IIS (Internet Explorer still worked fine).

When pulling up the site in Chrome I was greeted with “This webpage is not available”. Clicking on the more button revealed the error code: “ERR_INVALID_AUTH_CREDENTIALS”.

Chrome Invalid Auth Credentials


What Didn’t Work:

I remembered reading where Chrome uses the local intranet settings from Internet Explorer so I pulled up those settings to take a look. I tried specifically adding the new site to the local intranet zone with the dialog box shown below (Internet Options -> Security Tab -> Sites -> Advanced). Unfortunately, this didn’t help. When I refreshed Chrome I still had the “ERR_INVALID_AUTH_CREDENTIALS” error.

Local Intranet Add Site To Zone

Back on the security tab in the internet options dialog, I clicked the “Custom Level” button and looked through all the settings. At the very bottom I found what looked like a promising setting under User Authentication -> Logon. By default, “Automatic logon only in Intranet zone” was selected. I changed that to the option below it that read, “Automatic logon with current user name and password”. Upon refreshing Chrome, I once again found I was still getting the “ERR_INVALID_AUTH_CREDENTIALS” error.

Local Intranet Security Settings

What Worked:

At this point I decided to start Googling around for some help. I found several StackOverflow questions that offered some suggestions, but none of them seemed to work. Eventually I stumbled across the suggestion of removing “Negotiate” from the enabled providers in IIS for the site. I gave it a shot, and this is what ended up solving the issue for me.

Here’s how to make the change: Navigate to your site/application in IIS and select it by clicking on it. This should show a list of options in the “features view” on the right hand side of the screen. Find “Authentication” and double click on it.

IIS Select Authentication

You should now see a list of different authentication types. Click on Windows Authentication to select it and then click on Providers in the Action section of the right hand column.

IIS Select Windows Auth

This will pop-up a dialog showing the enabled providers. I tried adjusting the negotiate provider’s priority by moving it down the list, but that didn’t seem to have any effect. Remove the “Negotiate” provider by clicking on it in the list to select it and then clicking on Remove.

IIS Providers Dialog

Click the Ok button on the dialog to close it down and then refresh your site in Chrome.

Version Information:
Google Chrome v33
Internet Explorer v11
IIS v7.5