Our internal users are being asked to enter their username and passwords to see the homepage. We want them to use SSO and not get a prompt.
Here is the details:
- Windows authentication is enabled. The rest is disabled (including Anonymous authentication)
- Using default apppool which is Integrated and .NET Framework 4.0. Apppool uses NetworkService account
- Server and client are in the same AD domain
- Using Internet Explorer to test
- Making changes in client side is not an option (Trusted sites etc.)
Note: If I give users Read permission on website's pysical folder, they are not asked to enter credentials. However, I'm trying to figure out why I should give permissions to users since IIS_IUSRS has Full Control
You can try to use impersonation to perform operations and access resources with the security context of the authenticated client or of a specific Windows account in your AD and achieve SSO.
To impersonate the internal authenticated user, change your Web.config file: