Automatic Windows Authentication with Firefox network.automatic-ntlm-auth.trusted-uris
by Greg on Mar.15, 2008, under Internet
One of the main reasons I don’t use Firefox in an Intranet environment, is due to the logon prompt from IIS Windows Authentication. I keep having problems with IE7 on Vista losing the auto-NTLM auth, where it asks for my password, when it’s supposed to just log me in based on my domain logon! ARgh! So I started Google-ing and found out that Firefox can do this too!!! I never knew that, in all these years of Firefox use!
You have to set which sites are allowed to do this though. But that’s fine, not like I login with NTLM all over the place, just a couple sites from the Intranet. Go to about:config in Firefox, lookup all the “network:auth” items and you’ll see this one:
network.automatic-ntlm-auth.trusted-uris
Open that, and enter the website address. (even port if needed) BAM! That’s it!
For example:
webapp.servername.local:8080
This will use automatic NTLM logons based on your windows logon. But note: I do not know if this works if your machine is not a member of a domain.
April 27th, 2008 on 7:27 am
Someone left a comment and I think I bulk deleted it on accident. Whoever you are, sorry about that. If you like, post again, I’ll remove my comment.
Anyway, your comment on adding multiple sites is a good point. So to add more than one site to this list, just use comma separated list. (site1.com, site2.net, etc)
May 27th, 2008 on 4:58 am
Where the heck is about:config? Firefox 2.0.
May 28th, 2008 on 2:15 pm
about:config is like a Mozilla “registry” of settings builtin to it. You get to it by typing that directly in your URL address bar. Like you are browsing to it.
June 5th, 2008 on 4:36 am
Oooh, this is nice :) Now I can use Firefox (without IEtab) for our company intranet! Thanks! I always, like you, assumed that automatic Windows Authentication was unavailable for Firefox :O
June 30th, 2008 on 2:58 am
Quite important though, the comma seperated list is actually comma and space seperated. It didn’t work at first, until I put a space after the comma.
June 30th, 2009 on 4:14 am
Is there a way to read about:config (network.automatic-ntlm-auth.trusted-uris) settings from JavaScript? (Or maybe from HTTP headers in a server-side code?)
June 30th, 2009 on 7:51 am
I am not sure if you can do that from Javascript. You might need to Google a bit on that one. I can see that might be handy, but maybe there are security implications allowing access to some of that data in about:config.
Thanks for the comment! (and question)
June 30th, 2009 on 11:17 am
Yes, it probably would be dangerous to be able to modify it, but it would be nice to read it! On my “DualLogin” page (ASP.NET, C#) I display a “Use Windows Credentials” link which allows domain users to login without submitting username/password explicitly (it then verifies automatically passed username against application’s database and uses FormsAuthentication.RedirectFromLoginPage().
I’m displaying that link only for internal users (IP check) and, currently, only for IE users, because I don’t want that automatic authentication pop-up. If it was possible to read network.automatic-ntlm-auth.trusted-uris settings, I would display this link for some Firefox users as well…