Unable to run IdentityServer3 in IIS

Question

I have downloaded the code for IdentityServer from here. When running the IdentityServer3\Host.Web solution in IIS Express, I am able to authenticate from a console client using the TokenClient.RequestResourceOwnerPasswordAsync method.

However, as soon as I switch IdentityServer3\Host.Web to run directly under IIS, I get the following error:

HTTP Error 401.1 - Unauthorized 
You do not have permission to view this directory or page using the credentials that you supplied.
Most likely causes:
- The username supplied to IIS is invalid.
- The password supplied to IIS was not typed correctly.
- Incorrect credentials were cached by the browser.
- IIS could not verify the identity of the username and password provided.
- The resource is configured for Anonymous authentication, but the configured anonymous account either has an invalid password or was disabled.
- The server is configured to deny login privileges to the authenticating user or the group in which the user is a member.
- Invalid Kerberos configuration may be the cause if all of the following are true:
    - Integrated authentication was used.
    - the application pool identity is a custom account.
    the server is a member of a domain.

What do I have to configure differently to get IdentityServer3 to work under IIS?

Answer 1

Solution 1:

It looks like a solution to this is to change the authentication type to PostValues:

var client = new TokenClient(
            authenticationUrl,
            "carbon",
            "21B5F798-BE55-42BC-8AA8-0025B903DC3B",
            AuthenticationStyle.PostValues);

var token = await client.RequestResourceOwnerPasswordAsync("bob", "secret", "api1");

Note that you must set the AuthenticationStyle in the constructor. Setting it after construction is problematic because the authentication headers are conditionally created in the constructor.

Solution 2:

Disable "Basic Authentication" in IIS Settings.