Our application is configured to use Forms Authentication, and on most machines it is working great. However, I am having a problem with the development environment on one of our developer workstations. When I go to one of the URLs of the application, like this:
IIS prompts me for a password, like this:
iweb.local is set up in the hosts file to point to 127.0.0.1. Essentially it is an alias for localhost. We configure the IIS site to use a host header so we can potentially support more than one application in the future.)
I am not prompted for a password if I go to most other URLs in the application, such as http://iweb.local/. And I am not prompted for a password anywhere using the exact same code base on any other developer machine. It is only this one machine that is having the problem. This leads me to be reasonably confident that this isn't a problem with the coding.
Things I have tried:
~/Areas/ReportsTest, with the appropriate refactors, and loading
http://iweb.local/reportstest/. That works; the browser no longer prompts for a username and password. However, changing the URL is not an option for our application.
http://iweb.local), but it does not log anything for any requests that prompt the user to enter a password.
http://iweb.local/reportshas two options for
NTLM. From this, I have confirmed that IIS is directing the browser to prompt for a password. But I'm no closer to understanding why.
http://iweb.local/reports/were responding to requests. Neither were, confirming that it is IIS that is handling the requests.
I am out of ideas. I cannot find anything on this one developer box that isn't configured the same as the other developer boxes.
So: Does anyone know a way to enable a deeper level of logging or tracing to figure out why IIS is asking for a password? Can anyone think of anything that may be causing this that I haven't already looked for?
This is an ASP.NET MVC 3 application running on IIS 7.5 in a 64-bit environment. The
reports portion of the URL is configured as an MVC Area.
In my Web.config file, this is how the authentication mode is set up on the offending machine.
<forms loginUrl="~/account/login" timeout="2880" />
There is no
<authentication> element in the Web.config file for the Reports area.
If there is a folder in the application named "Reports" and SQL Server Reporting Services are installed on the server, then Reporting Services Virtual Directory folder that is also named "Reports" will be in conflict with the application "Reports" folder. To fix this open Reporting Services Configuration Manager (Start->All Programs->MS SQL Server->Configuraton Tools-> Reporting Services Configuration Manager) and change the Virtual Directory from "Reports" to any other name ("TestReports") under the "Report Manager URL" in the menu on the left.
This will solve the IIS authentication issue
Use fiddler or the dev tools in IE9 to watch the request. This will then show what in the header is causing the pop-up. It could be basic auth, or NT auth where the browser is unable to fulfil the request. As it's localised to the one machine, check IIS is configured to be anonymous only & check the permissions on the file being requested.