IIS 7 and Above
IIS WIndows authentication not working for other users in the same do...
Last post Mar 01, 2019 04:53 AM by lextm
Feb 28, 2019 09:33 AM|Kesiya|LINK
I have published a website which uses windows authentication and it is working for the machine on which the site is deployed. When any other users in the same network try to access the website. It will prompt for credentials again and again and not allowing
the user to access the site.
In IIS NTLM is used as the provider for windows authentication.
What is the expected root cause behind this issue?Thanks for all responses in advance
Mar 01, 2019 01:57 AM|Jalpa Panchal|LINK
You are almost running into the Windows loopback check that was introduced with IIS 5.1. This is a security feature to avoid certain types of reflection attacks against the system.
This article described workarounds for this issue.They basically modifying the registry to either disable the loopback check, or to allow certain hostnames (e.g. your local host name or site name) to back-connect.
You could basically disable the check via power-shell:
New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -Value "1" -PropertyType dword
You can also refer below article for more detail:
Mar 01, 2019 04:53 AM|lextm|LINK
You are almost running into the Windows loopback check that was introduced with IIS 5.1.
Pardon. Loopback check only blocks Windows authentication from the same server, but not from other machines.