I have an an intranet website running under IIS6 (under a specific port, not the default one) with a integrated windows authentication enabled and uses an application pool configured with a service account. the issue is, if I access the website using the server name with a fully qualified domain in the URL, it throws a login prompt (doesn't work even if enter my windows login credentials), but if I use the IP address of the server then it works fine. Please let me know what I need to do to get the URL with server name working. for example http://servername:8080/default.aspx throws login prompt, but http://ip address:8080/default.aspx works fine
I am experiencing the same problem. I believe it is something to do with Kerberos authentication mechanism. If it resorts to NTLM it will work (which it does when using an IP address). Kerberos requires an SPN registered on Active Directory for it to work. Kerberos also won't allow you to have application pools running under different accounts but with the same server name. In these situations you should have an alternate name for the site and register that with Kerberos. However, I haven't actually resolved the issue yet so these are just suggestions.
Two possible problems come to my mind:
The DNS server in your network is not resolving
servernameto an IP- Run
Ping servernamefrom the command line to check if the name brings the IP expected - edit the
C:\Windows\System32\drivers\etc\hostsfile and add the server name and IP address
- Run
The
Bindingsin IIS6 does not expectservername- Make sure that
servernameis included in the list or theHost Header Namefield is empty
- Make sure that
I had exactly these symptoms when the web server had its IP address changed due to a new internal IP addressing scheme. Pass through authentication worked from the webserver itself but not from any other system. From other systems, using the host name in the URL caused IE to prompt for credentials which were always rejected, using the IP address in the URL caused IE to prompt for credentials which were accepted. After chasing a lot of red herrings we suspected that the server was caching credentials against the old IP address, so we rebooted the server and it all came right.
Try this. I had exactly same problem and it fixed it for me (I'm the linked thread)
I set my AuthenticationProvider for my website to "NTLM, Negotiate"
Following these instructions: http://support.microsoft.com/kb/215383
With a slight change to their instruction to set provider of course
mine:
cscript adsutil.vbs set w3svc/WebSite/root/NTAuthenticationProviders "**NTLM, Negotiate**"
You can get the Website ID by clicking on the "Web Sites" folder on the left in IIS. This should list all your website with their ID
Thanks to Nick's answer that lead me to it
来源:https://stackoverflow.com/questions/4716618/authentication-issue-with-an-intranet-website-running-under-iis6