Friday, January 21, 2011

Firefox supports Integrated Windows Authentication

Most people (including me until recently) don’t know that Firefox supports Integrated Windows Authentication (NTLM). The behavior most people are accustomed to is this: when you go to a web site on a corporate intranet, which often requires Windows Authentication, Firefox prompts you for your username and password, while Internet Explorer logs you in automatically. So the assumption that many people (me included) make is that Firefox doesn’t support Integrated Windows Authentication. Fortunately, this assumption is wrong.

Internet Explorer decides which sites are OK to use Integrated Windows Authentication on by checking whether the site is in the Intranet Zone, which it can work out by looking at the URL, etc. Firefox doesn’t use that criterion. Instead, Firefox uses a whitelist; in other words, you have to explicitly tell it which sites to trust, and those sites will then use Integrated Windows Authentication. Since the list is empty by default, every site that has Integrated Windows Authentication enabled still gets a prompt. The simple solution is to add the sites on your intranet that use Integrated Windows Authentication to this list.

The Easy Way

The good news is that someone created a nice, easy-to-use add-on for Firefox. Open Firefox, go to Tools menu | Add-ons | Get Add-ons tab, and type NTLMAuth in the search box. You will likely get one result, for an add-on called NTLMAuth For Firefox. Click the Add to Firefox… button, install, and restart Firefox.

Open up Firefox again and go to Tools menu | NTLM-Enabled Sites

You will get a screen that looks like this:

image

All you have to do is add the sites you want Integrated Windows Authentication enabled for. No more prompts will be shown for these sites. Please note that you do NOT want to include http:// or anything after the domain name, except a colon and then the port number if it is not port 80.

For example, you could put www.apple.com or myapp.mycompany.com:1234.

For Geeks

Truth be told, you don’t need the add-on at all. You can do this with just Firefox itself. The add-on just saves you from changing some configuration items in Firefox.

If you want to do it yourself, here is what you need to do.

  1. Open Firefox.
  2. Type about:config in the address bar and hit Enter to go to it. (Tip: if that feature is enabled, hit Escape after you type it so Google doesn’t try to search on this item.)
  3. If you are using Firefox 3.x or later, you will be warned. Agree if you want to continue. If you have already told it not to bother you in the past, you won’t get this prompt.
  4. You can look through the list or simply type network.automatic in the Filter at the top of the screen. Look for a line called network.automatic-ntlm-auth.trusted-uris. Double-click that line to bring up the tiny little editor. It’ll look like this.

    image 
  5. You can now type in your sites separated by commas. It worked for me without spaces, but I read that you can use spaces also.

    TIP: I recommend just typing them all into notepad or some text editor, then copy and paste the big line into this little textfield.
  6. Click OK and that is it.
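Added example (not from the original post): a small Python helper for the tip in step 5. It turns a pasted list of sites into the comma-separated host[:port] value for network.automatic-ntlm-auth.trusted-uris, dropping the scheme, path and port 80 as described above and skipping anything that is not a plain host name, so the list stays limited to the sites you actually mean to trust. The function names and sample sites are made up for illustration.

```python
import re
from urllib.parse import urlsplit

# One or more DNS-style labels (letters, digits, hyphens), 253 characters at most.
LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
HOST_RE = re.compile(rf"^(?=.{{1,253}}$){LABEL}(\.{LABEL})*$")

def normalize(entry):
    """Reduce one pasted site to 'host' or 'host:port'; raise ValueError otherwise."""
    text = entry.strip()
    # urlsplit only recognises the host when a scheme or a leading '//' is present.
    parts = urlsplit(text if "://" in text else "//" + text)
    host = (parts.hostname or "").lower()
    if parts.username or not HOST_RE.match(host):
        raise ValueError("not a plain host name")
    port = parts.port  # raises ValueError for a non-numeric or out-of-range port
    # The post's rule: keep the port only when it is not 80.
    return host if port in (None, 80) else f"{host}:{port}"

def build_pref_value(entries):
    """Return (comma-separated value, [(rejected entry, reason), ...])."""
    accepted, rejected = [], []
    for entry in entries:
        try:
            site = normalize(entry)
        except ValueError as err:
            rejected.append((entry, str(err)))
            continue
        if site not in accepted:  # keep the first occurrence, drop duplicates
            accepted.append(site)
    return ",".join(accepted), rejected

# Constructed sample input: sites as someone might copy them from a browser.
SAMPLE = [
    "http://intranet/portal/default.aspx",
    "myapp.mycompany.com:1234",
    "HTTP://Wiki.MyCompany.com:80/",
    "wiki.mycompany.com",        # duplicate of the previous entry once normalized
    "*.mycompany.com",           # wildcard, not the host[:port] form used here
    "myapp.mycompany.com:http",  # port is not a number
]

if __name__ == "__main__":
    value, rejected = build_pref_value(SAMPLE)
    print(value)  # paste this into the little editor from step 4
    for entry, reason in rejected:
        print(f"skipped {entry!r}: {reason}")
```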

1 comment:

electronic signatures said...

You are right on the point that many people are unaware of the fact that Firefox supports Integrated Windows Authentication. I am also one of them, and it worked perfectly when I used it. One of my friends, who is a developer, was aware of this, as he needed it for web development on an intranet.