Our application is configured to use forms authentication, and on most machines it works great. However, I had a problem with the development environment on one of our developer workstations. When I go to one of the application URLs, for example:
http: //iweb.local/reports/
IIS offers me a password, for example:
(The name iweb.local set in the hosts file to point to 127.0.0.1. This is essentially an alias for localhost. We are setting up the IIS site to use the host header so that we can support multiple applications in the future.)
I wonโt be asked to enter a password if I go to most of the other application URLs, such as http: //iweb.local/ . And I do not ask for a password anywhere, using the same code base on any other developer's machine. The only problem is this car. This makes me pretty sure that this is not a coding problem.
Things I tried:
- Testing with a different web browser. On the machine exhibiting the problem, the problem arises regardless of which browser I use. I get the same invitation in FireFox and IE9.
- Testing on other development machines. That is not the problem. This only happens in a separate developer box.
- Copy code and assets from
~/Areas/Reports to ~/Areas/ReportsTest with the appropriate refactors and download http://iweb.local/reportstest/ . It works; the browser no longer asks for a username and password. However, changing the URL is not an option for our application. - Verify IIS authentication configuration. Anonymous and form authentication are included. Everything else is disabled. This is the same on all developer machines, including those that work, and one that does not.
- Checking the event log. IIS does not write anything to the event log.
- Check IIS Logs. The logs contain entries for successful requests (for example, when I open
http://iweb.local ), but it does not log anything for any requests that prompt the user to enter a password. - Checking request and response headers with FireBug. Request headers seem the same for a request on any URL. The response headers for
http://iweb.local/reports have two parameters for WWW-Authenticate : Negotiate and NTLM . From this, I confirmed that IIS directs the browser to request a password. But I do not understand why. - Disable IIS, set up the World Wide Web Publishing Service to start a startup type so that it does not start automatically and restarts the computer. Then I checked if the requests
http://iweb.local or http://iweb.local/reports/ to the requests. It has also not been confirmed that this is the IIS that processes requests. - Stopping IIS, deleting the entire project from the hard drive of the developer and removing it from the original control. My thought was that it could be a permission problem in one of the folders (although I donโt understand how it could be, given that this is an MVC application), and that this process will ensure that all permission folders are correct. But that didnโt change anything.
- Uninstall IIS completely, restart the computer, and reinstall IIS. That didn't work either.
I am out of ideas. I cannot find anything in this single developer window that is not configured the same as other developer fields.
So: Does anyone know a way to enable a deeper level of logging or tracing to find out why IIS asks for a password? Can anyone think of anything that might be causing this that I haven't looked for yet?
This is an ASP.NET MVC 3 application that runs on IIS 7.5 in a 64-bit environment. The reports portion of the URL is configured as an MVC scope.
UPDATE
My Web.config file defines the authentication mode on the abusive computer.
<authentication mode="Forms"> <forms loginUrl="~/account/login" timeout="2880" /> </authentication>
There is no <authentication> element in the Web.config file for the Reports <authentication> .
Charlie kilian
source share