Why is LOGON_USER Server Variable is blank on New Windows / New Tab?

Question

We are noticing some very strange behavior on an installation of a .NET2-based webapp on Server 2008. Our app uses "old school" Integrated Windows Authentication and simply reads the LOGIN_USER server variable from the request collection. There's a good reason for this, but that's somewhat irrelevant to the question, since the underlying WindowsAuthentication code from ASP.NET does the same thing.

Anyway...

• When you enter the URL in the browser, it loads up just fine and displays the username (from LOGIN_USER) no problem.
• When you click on a link within the web app, it loads the page just fine and authenticates without any problems.
• When you "hard refresh" (Ctrl-F5) it also works just fine.
• However, when you click "open in a new window" or "open in a new tab", the LOGON_USER variable is blank

Any ideas? Am I missing some IIS7 setting somewhere?

Tested clients are Windows 7 with IE8 or Windows XP with IE6.

Answer 1

I experienced something very similar on IIS6 a few years ago. The issue then was caused by both anonymous and windows authentication being turned on for the site. Turning off anonymous authentication fixed the issue.

Though this was on IIS6 it might be something to look into.

Answer 2

The problem went away on it's own............ for now. After a reboot. Really. Shoulda thought to reboot earlier.

Also: anonymous auth was not enabled (otherwise, LOGON_USER would always be blank).

So, if you ever encounter this problem.... reboot!