Moste Strange IIS Windows Authentication behavior

Question

I have an ASP.NET website, it is running on Windows Server R2 in corp network, and using Windows Authentication, below is its config information:

• The app pool of the website is using a domain account and in Integrated pipeline mode.
• The authentication is set Windows Authentication, all other authentication modes are disabled.

However, this setting does not work, every time I access the website, it pops up the windows asking for user name and password, I enter the correctly domain user name and account, it does not pass, the windows pops up again; after three times, it fails and return a white page. I tried with many different brewers, all fail; I ask some colleagues to try, fail too.

I cannot figure out why this error happen and try many ways to fix, no luck. I think it is very strange. However, finally I found a way to fix this problem, this is the most strange part of the problem: I edit the "Physical path" in "Basic Settings" of the website, I just point it to another healthy website, for instance, %SystemDrive%\inetpub\wwwroot, then I try to browse the website, very good, it runs well and displays the default page(iisstart.htm). It looks like it is not very helpful, but then I change the physical path back to my website; suddenly everything goes well -- the windows authentication works! I do not know why it helps, but I am happy with this result -- it fixes my problem though I do not know what the shit happens.

The happy time is always short, several days later, the server got some patches and restarted, the website can't work again. And again, I can fix the problem using the tricky above.

I do not like this way, I do not like doing this stupid trick every time the IIS reset or server restart.

Is there any guys who has some ideas on why the windows authentication fails, and why the trick aforementioned can fix, and why after IIS reset it fails again?

Answer 1

I just found it seems caused by custome 401 error pages under "Error Pages". I set it to execute an URL when the status code is 401 in my web.config, it looks like:

 <httpErrors errorMode="Custom">
 <remove statusCode="401" subStatusCode="-1"/>
    <error statusCode="401" path="/Error/AccessDenied" responseMode="ExecuteURL"/>
 </httpErrors>

Then every time I reset IIS and try to access this website, the problem appears. If I delete it in Web.Config or delete from IIS console, then the problem disappears, what is more funny is another experiment: after I deleted this settings and have been successful opening the website, I added this setting back. Everything works very well. Every domain user can access this website, those that failed passing authorization get the customer error page.

So my solution now is I removed this setting in my Web.Config, every time I reset IIS or restart the server, the server admin need to hit the website first, and then add this customer error page in IIS console.

I feel this is a bug of II7.5 on Windows Server 2008 R2.