ASP.NET Windows Authentication works with IP address in URL, but not dns

Question

I've set up an ASP.NET intranet website with

From another pc: It works perfectly fine if I access it via IP e.g http://11.11.11.1:88/Default.aspx

Unfortunately, when I go to http://MyWebsite.mycompany.com:88/Default.aspx I get a login box popping up.

If I enter username/pass it just rejects it, and I can't get access

From the server: Both IP and DNS alias work. So no problems while on the server itself

Anonymous user access is disabled

Any ideas?

Any suggestions on what further info I can give to help solve this?

Additional:

• Accessed via IE only (6 and up)
• I use IIS 6.0
• Username in Domain\Username format
• Config set to <deny users="?">
• AppPool identity as Domain\zWhatever (used for windows auth to sql db)
• AppPool identy user is in IIS_WPG group, plus is admin on server

Answer 1

Ohh riiight. Got it!

I changed my AuthenticationProvider for my website from "Negotiate, NTLM" to "NTLM, Negotiate"

Following these instructions: http://support.microsoft.com/kb/215383

With a slight change to their instruction to set provider of course

mine:

cscript adsutil.vbs set w3svc/WebSite/root/NTAuthenticationProviders "**NTLM, Negotiate**"

You can get the Website ID by clicking on the "Web Sites" folder on the left in IIS. This should list all your website with their ID

Answer 2

In Internet Explorer options, add MyWebsite.mycompany.com to your list of Trusted Sites.

In Internet Explorer:

• select "Tools"
• select "Internet Options"
• click the "Security" tab
• click the "Trust Sites" icon
• click the "Sites" button
• enter the website domain
  • e.g., http://MyWebsite.mycompany.com:88 (use https if possible)
  • if the website doesn't have SSL, un-check "Require server verification (https:)"
• click the Add button (don't forget this part)

For Firefox, it's also pretty simple to configure NTLM authentication.

For Chrome NTLM, see this thread.