A few days ago I posted this question about a problem I was having accessing a web site hosted on one of our server. When I used HTTPS rather than HTTP I was being prompted for login credentials unexpectedly. As the accepted answer suggested, the problem was solved by adding the URL to my Intranet Zone in Internet Options, and I've since done some reading and discovered that if a URL contains periods (which ours does when we use HTTPS so as to match the SSL certificate), Windows assumes it belongs to the Internet Zone (and therefore prevents automatic Windows authentication) even if it's part of the same domain as the client computer. By adding the URL manually to the Intranet Zone, automatic authentication works as expected.
So, this all works fine with one exception. The fix does not work on the web server hosting the website. I've added the web server's URL to the Intranet Zone on the web server but it continues to prompt me for credentials when I try to access a web page on that server. I've tested the same configuration on another server and found the same issue. It seems that adding a sever to the Intranet Zone has no effect when you browse to a website hosted on that server from a browser on the same machine.
This is a problem for us because I need a web site on the server to call a web service hosted on the same server, and at the moment it fails due to the authentication issue. I could HTTP rather than HTTPS, which works (because I can just use the hostname without the domain - no periods), but I'm not comfortable with that as the data is sensitive and I'm not completely sure that the traffic isn't being routed over the network, even though both the website and the web service are on the same box. I'm not a DNS expert by any means.
Has anybody else encountered this issue whereby Intranet Zone settings are seemingly ignored on the server when browsing to sites hosted on itself? Is there any way to fix this?
