Active Directory authorization: IIS vs Visual Studio Dev server

Question

I have a web project that uses Active Directory authorization (All controllers marked with AuthorizeAttribute). In web.config i have following authentification section:

<authentication mode="Windows" />
<authorization>
  <deny users="?" />
</authorization>

The problem is: When i run project under Visual Studio Development Server everything goes fine, it pops authorization window, after entering login/password i can see all site contents.

But, when i try to run it under IIS (7.5) authorization window still pops, but login/password is always incorrect (looks like it cannot access AD). Site is configured to use windows authorization. Application pool runs using my windows login/password. What am i missing?

Answer 1

If your host header file is pointing to 127.0.0.1, it may be the authentication loopback check.

If that is the case, the answer is already detailed at why does windows authentication / impersonation fail on asp.net application with iis 7.5 / windows 7 /. In short, open regedit, and add a DWORD DisableLoopbackCheck = 1 to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.

Answer 2

I was having same problem, following solved my problem:

1. Select website
2. Select "Features View".
3. Open "Authentication" section. Note: I am Assuming your website has Windows Authentication enabled as stated above by you.
4. Select "Windows Authentication"
5. In right side "Actions" section, click on providers.
6. Now from "Providers" Pop-up select "Negotiate" and remove it.
7. refresh website & run

Please let me know if it works for you.