I saw this issue today when an internal web application on IIS 7 continued to display authentication prompt in Internet Explorer 8.0 and refused to accept any credentials. With valid credentials, the same web application worked in FireFox without any problem. When I analyzed the authentication header using Fiddler, I found that the server was authenticating users using FireFox by NTLM whereas IE users were being authenticated by Kerberos protocol.
Having no idea on why it started happening all of a sudden, I decided to look at the provider setting in IIS 7 and found that the default provider for this web application was Kerberos. Changing it back to NTLM resolved the issue. To do that select your web application in IIS Manager and select “Authentication”. Select “Windows Authentication” and in the “Actions” pane, select “Providers”. In the pop-up window, select NTLM and make sure that it is the first entry.
Note: If you are using Kerberos for your web application, you may get the authentication prompt if your Service Principle Name (SPN) is not setup correctly. Consult Microsoft documentation on how to set it up.
No comments:
Post a Comment