Windows Authentication not working in IIS 7.5

divide_byzero picture divide_byzero · Sep 20, 2012 · Viewed 85.7k times · Source

I am having a problem with getting windows authentication to work on IIS 7.5. The application is an internal site built in asp.net MVC 3. The application pool is using a specific domain user and the site is using windows authentication. Every time I try to launch the site IE prompts me for a login.

If I cancel enough the site comes up, messed up looking, but it has my name associated with my windows log in displayed at the top. So that tells me that the site is picking up my windows credentials correctly.

I added the Network local user to have read access to the inetpub folder on the server and now it doesn't prompt for login with IE 8. But on chrome I get this error "Error 338 (net::ERR_INVALID_AUTH_CREDENTIALS): Unknown error.".

It is in our intranet sites zone. I should have stated this but I forgot. The site used to work on our old development server but when I upgraded to Win 2008 R2 with IIS 7.5 it stopped working. Used to be on 2003 with IIS 6.0.

I am wondering if any one has any idea what else I can try. I am pretty much spinning my wheels at this point.

I have tried all of the solutions in the links below and none of them have fixed the problem

http://forums.iis.net/t/1177154.aspx

http://forums.iis.net/t/1178188.aspx

Receiving login prompt using integrated windows authentication

http://warnajith.blogspot.com/2011/06/iis-75-401-unauthorized-access-error.html

http://forums.asp.net/t/1639511.aspx/1

https://superuser.com/questions/128746/iis-asks-for-login-pass-when-accessed-using-hostname-but-not-when-localhost-is

http://ask.metafilter.com/183636/Prompted-for-a-username-and-password-when-browsing-to-an-IIS-virtual-directory

IIS 7 and Windows Authentication

Answer

captainhero70 picture captainhero70 · Apr 17, 2014

Related Note: If you are trying to replicate your site on localhost, and windows authentication is enabled and still fails, the solution is some registry hacking to avoid the loopback check:

Using regedit, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0 Add a new Multi-String Value to MSV1_0 and name it BackConnectionHostNames Add the host names you wish to use. Example, "mysite.com". Restart the IIS.

Source link

The value should be the website name in your windows hosts file.

Also to be able to access a non-authenticated /data folder using PHP's file_get_contents, I had to add this to the applicationHost.config file, to prevent 401 errors.

<location path="mysite.com/data">
        <system.webServer>
            <security>
                <authentication>
                     <anonymousAuthentication enabled="true" />
                    <windowsAuthentication enabled="false" />
                </authentication>
            </security>
        </system.webServer>
    </location>