views:

370

answers:

1

hi there; i'm troubleshooting why i cannot get past the login dialog on an asp.net site configured for windows authentication and impersonation. help me before i switch to os x development and objective-c

i have an asp.net 2.0 application and i'm trying to deploy it on windows 7 with iis 7.5. i've created a new site, and bound it to localhost and a fully qualified domain name. the fqdn is in my hosts file, and is redirected to 127.0.0.1

the site is also running with an appdomain i created, with integrated pipeline mode, and the process model identity is set to ApplicationPoolIdentity.

web.config includes the following: <trust level="High" /> <authentication mode="Windows" /> <authorization> <deny users="?"/> </authorization> <identity impersonate="true"/>

acl on the directory for the site is desperation set to everyone full control, the application pool virtual account (windows 7 thing) is set to full control on the physical directory for the site also.

iis authentication has asp.net impersonation enabled, and windows authentication enabled.

when i connect to the site as localhost, it permits me to get past the login prompt and the application loads without incident.

when i connect to the site as the fqdn set in the host headers bindings for this site/ip/port, i cannot get past the login prompt. clicking cancel throws to a http 401.1 error page.

why? thanks very much in advance.

+1  A: 

and the answer for this one is going to be a security feature known as the authentication loopback check, introduced way back in Windows 2003 SP1, as per: http://support.microsoft.com/kb/926642

i was trying to connect to my iis host headers instance using a host header defined in my /etc/hosts file as pointing to 127.0.0.1, while logged in at the machine running iis - this is the loopback scenario.

it bites you in various contexts, such as this (http://blogs.bluethreadinc.com/thellebuyck/archive/2008/10/30/401.1-error-when-accessing-sharepoint-from-server.aspx) or this world of hurt in google (http://www.google.ca/search?q=authentication+loopback+check&amp;ie=utf-8&amp;oe=utf-8&amp;aq=t&amp;rls=org.mozilla:en-US:official&amp;client=firefox-a)

THE FIX involves some simple regedit work: http://blogs.bluethreadinc.com/thellebuyck/archive/2008/10/30/401.1-error-when-accessing-sharepoint-from-server.aspx

i also did not need to enable impersonation for my situation, and so i disabled that, and now i can connect using my faked fqdn both locally and remotely

velvet sheen