Today I changed the application pool identity of our ASP.NET application from "Network Service" to a domain user.

I added the user to the local group "IIS_WPG", did an iisreset just in case, and everything works fine with IE6 and Firefox 3.0.

But when I go to the website with IE7, an authentication popup appears, I type my credentials, and then:

HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials. Internet Information Services (IIS)

Any ideas?

+3  A: 

Typically, if you see an issue with authentication where it works in IE 6 but not IE 7, I'd check to make sure Kerberos is configured correctly.

Running as Network Service, your Kerberos SPNs should be attached to the machine account. As a domain account, the SPNs need to be on that account.

As to why IE 6 is different than IE 7, it's most likely due to some of the Kerberos HotFixes that apply to CNames and ticket time outs. Search MS Support for "kerberos HotFix".

To turn off Kerberos for the site:

cscript adsutil.vbs set w3svc/###/NTAuthenticationProviders "NTLM"

Where ### is the SiteID from the MetaBase.

Christopher_G_Lewis
This is what I've done. Can you just edit your answer to include the path to adsutil?
mathieu
ADsUtil.vbs is typically in the iNetPub\Scripts directory, but can be moved and often is placed in the \Windows\System32\InetSrv directory.
Christopher_G_Lewis
THANK GOD I FOUND THIS!!!!
Gabriel Guimarães
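
The SPN placement described in the answer above can be checked with setspn, which keeps Kerberos working for the site instead of switching it to NTLM. The PowerShell below is an added example, not part of the original answer; the account, server and host names are placeholders, and it assumes setspn.exe is on the path and prints English-language output.

```powershell
# Added example. All names are placeholders (assumptions), not values from the thread.
$SiteHosts   = @('intranet', 'intranet.example.local')  # names users type in the browser
$PoolAccount = 'EXAMPLE\svc-webapp'                     # new application pool identity
$MachineName = 'WEB01'                                  # IIS server's computer account

function Get-HttpSpn([string]$Account) {
    # "setspn -L" prints a "Registered ServicePrincipalNames for ..." header,
    # then one SPN per indented line.
    $lines = @(& setspn.exe -L $Account 2>&1 | ForEach-Object { "$_".Trim() })
    if (-not ($lines -match '^Registered ServicePrincipalNames')) {
        throw "setspn could not list SPNs for '$Account'"
    }
    $lines | Where-Object { $_ -like 'HTTP/*' }
}

$onPool    = @(Get-HttpSpn $PoolAccount)
$onMachine = @(Get-HttpSpn $MachineName)

foreach ($h in $SiteHosts) {
    $spn       = "HTTP/$h"
    $inPool    = $onPool    -contains $spn   # -contains is case-insensitive, like SPNs
    $inMachine = $onMachine -contains $spn

    if ($inPool -and -not $inMachine) {
        "OK         $spn is registered only on $PoolAccount"
    }
    elseif ($inPool -and $inMachine) {
        # The same SPN on two accounts makes Kerberos tickets for it unusable.
        "DUPLICATE  $spn is on both accounts. Remove the machine copy with"
        "           setspn -D $spn $MachineName"
    }
    elseif ($inMachine) {
        "WRONG ACCT $spn is still on $MachineName. Move it with"
        "           setspn -D $spn $MachineName"
        "           setspn -A $spn $PoolAccount"
    }
    else {
        "MISSING    $spn is not on $PoolAccount. Add it with"
        "           setspn -A $spn $PoolAccount"
    }
}
```

The script only reads SPNs and prints the setspn commands it would suggest; changing SPNs requires rights on the accounts involved.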
A: 

You can try to disable "Enable integrated authentication" in Options, Advanced Settings. But I don't know if there aren't some side effects.

mathieu
Well, yea, that turns off integrated authentication completely. Every authentication request will have a dialog prompt for user/password. Kind of defeats the purpose.
Christopher_G_Lewis