IIS windows auth and host headers prompts for login with IE

0
votes

I have a web site I have been working on locally with VS 2012. Its intended to use Windows authentication. In my web.config I have windows auth set

<authentication mode="Windows" />

However, when I browse to the site after putting it on IIS7, I get prompted for a login. Entering the login, I get access to the site without error.

In IIS manager, under Authentication > Windows Authentication ? Providers, I moved NTLM up to the top. Also, I have a host header name for the site, and this name has an internal DNS route defined. Also, on IIS, under Authentication, I have Windows auth enabled, and anonymous disabled.

How can I allow users on my domain to browse to the site without having to provide a login?

1
asp.netiis-7
I think this is related to what Im running into support.microsoft.com/kb/896861 and I suspect if I deploy my app to an application under the default website and access the app with the servername/appname, users will not get promptedbitshift
wiktorzychla.com/2012/06/…Wiktor Zychla
Yep, sure enough. The issue with forcing a challenge login when using host headers (so users can get used to the url while testing) and windows authentication, is there on purpose to help prevent reflection attacks. So its something you just have to accept. The login is only required once.bitshift

1 Answers

0
votes

Even though, this is like way old question, i stumbled upon this situation, not just in IE but in all the browsers and found out to be having a pretty decent and simple fix. I posted my answer in other question similar to this.

https://stackoverflow.com/a/62908487/11121833

Posting it here too, for anyone who may visit this question looking for solution.