I have an asp.net site that is running on IIS7 on Windows Server 2008 R2, my site is under Default Web Site node under the Sites node.
On my site's authentication tab, I have:
- Windows Authentication
- Basic Authentication
- Anonymous Access
- Forms Authentication
- ASP.NET Impersonation
These are all enabled -I didn't set those myself, a fellow developer on the team did. Everybody on the same network is able to access the site without any issues, except for one user who is on another domain -don't know if it's a trusted or not.
When that user on the other domain tries to access the site, IE displays a security dialogue asking for credentials. My site doesn't make use of any windows credentials, so I don't really need to know the Windows username and password for the visitor. The dialogue that is displayed by IE doesn't block the user from accessing the site, in fact no matter what she does (enter some blah blah credentials, or even cancel out off the dialogue) the site will still open as intended and she will be able to use the different functionality of the site.
My question is: What are the correct settings that I should be using to force IE not to display the security popup?
Best Answer
Since cancelling allows her to view the site still, I bet that it's one of the dependencies on the page that requires authentication. It may be .css, .js or maybe an ad, or something that her environment adds to the page via a proxy server.
You can test this by giving her a test.html page that simply says "Testing". If she can review that without a prompt, then my theory is correct. If my theory is correct, then review the page to find out which file isn't allowed, and trace that down to find out why.
Since you only want to allow anonymous access, you can remove all other forms of authentication to rule that out. However, I think it's something more than that.