In my site I have one folder that does not allow anonymous access. It is set up to use Integrated Windows Authentication as it is on an AD domain. The login works fine in Firefox, Chrome, even Safari, but not IE8. Has anyone encountered this before? I can't seem to find anyone else with a similar issue, except for where the login fails in all browsers of course.
Iis – Integrated Windows Authentication not working in IE only
iisintegrated-authenticationinternet-explorer-8login
Related Topic
- Authentication of users via IE when using “host header value”
- IIS6 – Intranet Site Using Integrated Authentication Fails Externally
- Web-server – Windows Authentication Website Asking for Credentials
- IIS Windows Authentication – Not Working in Internet Explorer via Host Name
- Windows 7 IE8 NTLM Authentication Failure on IIS6 – Troubleshooting Guide
- Iis – Windows Authentication with IIS and mobile devices
Best Answer
Chances are this is due to a broken SPN somewhere.
I suspect that the non-Microsoft browsers don't do Kerberos (or at least, don't do it in the same way as IE does).
This means that IE might be attempting a Kerberos logon, where the others might well be using NTLM.
If an SPN exists for http/www.example.com or host/www.example.com, and it isn't owned by the account that runs the Application Pool, that'd be a good reason for this type of break.
On Windows 2008 or later:
SETSPN -X
will check for duplicates;SETSPN -Q http/www.example.com
will look for owners of that specific SPN.Fix your SPN problem, and you'll probably fix IE logons being broken.
Other guidance might tell you to disable Integrated Windows Authentication in IE Advanced properties; that's a boneheaded move which breaks Kerberos for everything and covers up the problem.
More here.