Browser pops up window asking for username/password with ASP.NET app

Question

This application is using windows integrated authentication in IIS. No anonymous login.

It's also using an application pool defined to log on with a domain user.

If a try to browse any page, it pops up the username and password dialog box and even though I entered a valid user (including the domain administrator) it doesn't log on into the app. I keep getting the username/password dialog. If I logon locally (in the IIS box), it works OK.

Also, if I change the application pool to use Network Services, it works OK.

The domain user is already a member of the local IIS_WPG group in the IIS box.

Am I missing something here?

Answer 1

I suspect the NTFS file persmissions on the .aspx files don't allow the users you are logging in as the needed access to read/execute them. What are the file permissions on the files you are trying to view? What do your authorization and authentication elements in web.config look like?

Answer 2

This sounds like it's related to the privilges assigned to the domain user. i.e. whether they, or indeed the server, are permitted to impersonate the user that is logging in. Or, something regarding "Trusted for delegation" in the server's settings in AD. Either way, you'll probably get a better response on serverfault =)

Answer 3

If you use a domain account for the Application Pool you have to run a series of scripts on the domain controller. So, apparently it's not recommended to use a domain account, rather a local server account. Microsoft has this issue documented on a case:

http://support.microsoft.com/default.aspx/kb/871179