Receiving login prompt using integrated windows authentication
I have a Windows 2008 server that I'm working on, so my answer is not completely the same as what the OP has on a Windows 2003 server.
Here is what I did (recording this here so I can find it later).
I was having this same issue:
In my Web.config file, I had this section:
<system.web> <authentication mode="Windows" /> <authorization> <allow users="*" /> <deny users="?" /> </authorization></system.web>Under IIS, all of these seems to be solved under the Authentication icon.
- Edit Permissions: Make sure your ASP.NET account has permission. Mine was not originally added.
Now go into the features of Authentication:
Enable Anonymous Authentication with the IUSR:
Enable Windows Authentication, then Right-Click to set the Providers.
NTLM needs to be FIRST!
Next, check that under Advanced Settings... the Extended Protection is Accept and Enable Kernel-mode authentication is CHECKED:
Once I did this, I went back to my web application, clicked the Browse link, and logged in without having to provide my credentials again.
I hope this proves beneficial to many of you, and I hope it is useful for me later as well.
Just for other people's benefit. If the error is a 401.1 Unauthorized and your error code matches 0xc000006d, then you're actually running into to a security "feature" that blocks requests to FQDN or custom host headers that don't match your local machine name:
Follow this support article to fix the issue:
https://webconnection.west-wind.com/docs/_4gi0ql5jb.htm (original, now defunct: http://support.microsoft.com/kb/896861)
From the support article, to ensure it doesn't get lost:
The work around is a registry hack that disables this policy explicitly.
To perform this configuration manually find this key in the registry on the server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsaand edit or add a new key:
DisableLoopbackCheck(DWORD)then sent the value to 1 to disable the loopback check (local authentication works), or to 0 (local authentication is not allowed).
Or more easily you can use Powershell:
New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -Value "1" -PropertyType dwordIt looks like recent builds of Windows 10 (1803 and later?) also require this configuration setting in order to authenticate locally.
This one took me awhile because everyone else's comments here failed to help me. I found this article and it fixed it!
I had a similar issue whereby I wanted to protect only a certain part of my website. Everything worked well except in IE. I have both Anonymous and Windows Authentication enabled.For Anonymous, the Identity is set to the Application Pool identity. The problem was with the Windows Authentication. After some digging around I fired up fiddler and found that it was using Kerberos as the provider (actually it is set to Negotiate by default). I switched it to NTLM and that fixed it.HTH
Daudi