Basic Authentication: IE 11 Does Not Prompt for Credentials - Chrome and FF Do

Question

I have created an MVC application and deployed it to IIS 8.5 on an Azure VM. I specify authentication mode=Windows in Web.Config and Basic Authentication on IIS. So far, everything works as advertised.

Then when I navigate to the application in Chrome and Firefox, I'm prompted for username/password, enter the credentials, and this also succeeds.

But when I navigate to the application in IIS, I get no prompt for credentials and a 401.2 response with this message: HTTP Error 401.2 - Unauthorized. You are not authorized to view this page due to invalid authentication headers.

I've compared the requests and responses in Fiddler. They're substantially the same through the 401.2, but Chrome and FF then prompt for Credentials while IE just displays the error.

When I change Basic Authentication to Anonymous on IIS, the navigation is successful. I've tried temporarily giving the application pool full control, but without success.

Both the WindowsAuthentication and WindowsAuthenticationModule are loaded, and I've set the Default Domain and Realm in IIS.

Any thoughts?

Answer 1

There are two settings in Internet Options that I would try. In the Security tab of Internet Options (IE -> Tools/Gear Icon -> Internet Options), select the appropriate zone for your set and go to the Custom level... options. Scroll all the way down to User Authentication and make sure that Anonymous logon is not selected. I believe any of the other settings should work, but I went with always prompt.

The first setting should be enough for your use case, but if you are trying to authenticate with a different origin (i.e. not the same server where your page is hosted) then you may need to look at the Miscellaneous -> Access data sources across domains setting and change that to Enable.