2

I'm trying to set up a simple html/css/js only site on my local IIS that uses Windows Authentication.

So far I just a have a c://mysite/index.html file

When I point the default IIS website (i.e http://localhost) to this folder and enable Windows Authentication, I am shown the login dialog when I browse to it. When I enter my creds it then shows the index.html fine. But when I setup a new IIS site (e.g http://local.mysite I have a host entry for this) pointing to the same folder, with Windows Authentication enabled, I cannot get passed the login dialog. It just redisplays as if the login creds were wrong, but I'm entering the same creds as I did in http://localhost.

I have added http://local.mysite to the local intranet zone in Internet Options, but this doesn't resolve the issue. I have also set the application pool of local.mysite to be the same as localhost

Any ideas on why this isn't working?

MakkyNZ
  • 2,215
  • 5
  • 33
  • 53

2 Answers2

0

Finally found the answer.
Issue is the loopback check security feature that's in Windows.

Fix for this can be found here https://support2.microsoft.com/default.aspx?scid=kb;en-us;896861support2.microsoft.com/default.aspx?scid=kb;en-us;896861

MakkyNZ
  • 2,215
  • 5
  • 33
  • 53
0

The original accepted answer unfortunately references an article that no longer exists.

This article contains a step-by-step fix for the issue - it might even be the originally referenced article at a new location.

https://social.technet.microsoft.com/wiki/contents/articles/37337.disable-loopback-check-in-iis.aspx

To sum it up, you need to set the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa value DisableLoopbackCheck to a DWORD of value 1

Check your current value i Powershell:

Get-ItemPropertyValue -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name DisableLoopbackCheck

This should return

1
Sigurd Garshol
  • 1,376
  • 3
  • 15
  • 36