Windows Authentication works for me but not anyone else

Question

I am trying to convert the authentication for my application from forms authentication to windows authentication. Having made the conversion and deployed to test server, I find that I have access, but 2 colleagues in the same security group do not. They get to the site, but are prompted for login+password. The security groups are set up in AD and are used as roles. I am very confused about this, I am not sure what to do next to try and fix this. So for more details. My web.config is set as follows:

<authentication mode="Windows" />
<authorization>
  <deny users="?" />
</authorization>

The controller containing the first page is set to

[Authorize(Roles = @"domain\Role1, domain\Role2, domain\Role3")]
public class ContractController : BaseController

(the role names have changed). Myself and my 2 colleagues are set to Role 3. IIS on the test server for this project is set to:

So what else do I need to do to get this to work?

Answer 1

The problem I found was that the folder where the project has been deployed to needs to have it's security settings reset to include the 3 roles.

Answer 2

You need to disable Anonymous Authentication in this scenario. See https://msdn.microsoft.com/en-us/library/gg703322%28VS.98%29.aspx.

Check there are no spelling mistakes in any Role names (you have Role 3 and Role3 in your example, though I realise that doesn't correspond to the actual code).