I have a problem with an ASP.NET application that was running on IIS 6/Windows 2003, and has recently been deployed to a new server, also running IIS 6 and Windows 2003.
It is using Integrated Windows Authentication, which works (or defaults back to Basic) in the following situations:
- Offsite/outside the network, using
the fully qualified domain name, e.g.
www.school.com/intranet/ - Onsite/in the network, using the
server's name, e.g.
web-machine/intranet/
However, using www.school.com/intranet/ when inside the network, whether on a domain-connected computer or not, the authentication immediately fails, with:
Error message 401.2.: Unauthorized:
Logon failed due to server
configuration. Verify that you have
permission to view this directory or
page based on the credentials you
supplied and the authentication
methods enabled on the Web server.
Contact the Web server's administrator
for additional assistance.
It does not default back to Basic authentication, and there are no messages in the Event Viewer on the server.
In IIS 6, the Directory Security for the Virtual Directory is set to allow anonymous access (some pages do not require authentication), and integrated windows authentication.
Because the server it was on died, I don't have access to its configuration, so I can't tell what I'm missing. It used to run under ASP.NET version 1.1.4322 but now runs under 2.0.50727, but I don't believe that should matter.
As everything works, but depends solely on the URL used, I'm not sure what the problem is.
Best Answer
By default, integrated windows authentication is only used for the "local intranet" zone in Internet Explorer. Thus, if www.school.com isn't recognized by IE as being a part of the local intranet, integrated authentication won't work.