0

I have developed an MVC intranet application which I have successfully deployed to IIS.

I have enabled Windows Authentication and denied access to anonymous users, however, only some accounts on the domain are able to gain access to the application.

I have checked these accounts and there is nothing special about them that I can see.

The first check for security is Domain Users which everyone is a member of.

All other users are prompted to login but it does not recognize their credentials.

I get a 401.1 - Unauthorized Error

Not sure what else to try. Any suggestions would be appreciated.

Stephen
  • 803
  • 1
  • 11
  • 29

1 Answers1

0

Solution : Folder permission on my wwwroot - Domain Users did not have read access.

=================================================================================

Check that kernel mode authentication is on: Site>Authentication>Windows Authentication>Advanced Settings

Check authorization rules are not blocking users: Site>Authorization Rules

I would test (allow all users) first, does that allow users through?

twoleggedhorse
  • 4,938
  • 4
  • 23
  • 38
  • Kernel mode authentication is on and authorization is set to allow all users. – Stephen Oct 22 '12 at 11:24
  • Also best answer is http://stackoverflow.com/questions/9104748/why-does-my-mvc3-intranet-site-windows-authentication-not-work-when-published – twoleggedhorse Oct 22 '12 at 11:37
  • Yes, have had a look at all of those and made changes based on their suggestions before posing here. I had in my web config not sure if that mattered? roleManager is enabled as I am using it. – Stephen Oct 22 '12 at 11:49
  • Is the app pool running as a particular identity? Did you create an application or a virtual directory? – twoleggedhorse Oct 22 '12 at 11:56
  • Under the Actions pane (on the right) click on basic settings>connect as...is this set to pass through or specific user? – twoleggedhorse Oct 22 '12 at 11:59
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/18402/discussion-between-twoleggedhorse-and-stephen) – twoleggedhorse Oct 22 '12 at 12:03
  • I have tried using ApplicationPoolIdentity and also one of our administrator accounts. I noticed this was set on our Intranet. – Stephen Oct 22 '12 at 12:05