I have a MVC4 application which is using Windows Authentication. Both my computer (developing) and the host server are running IIS 7.5 and are on the same domain. The application has it's own app pool which is using NetworkService identity. The application only has Windows Authentication enabled.
During development I didn't have any security, I was just showing the user's name. This worked fine on my local IIS, and on the server's IIS, from multiple computers with multiple users.
As soon as I add an AuthorizeAttribute I start getting prompted for credentials, in both Chrome and IE. Using Fiddler I can see that an NTLM authentication header is being sent, but apparently ignored. If I go ahead and enter my credentials, I'm allowed access.
This is happening both locally and on the server, when trying to view the site remotely and locally (remote desktop). Removing the AuthorizeAttribute again instantly means I don't get the prompt.
I've done a lot of searching and tried a few long shots with no success. What else should I try?
Thanks.
The issue is likely with your browser configuration. Browsers don't allow all sites to use NTLM by default. IE only allows sites in the Intranet zone to authenticate using NTLM and it seems Chrome has replicated that behaviour by now.
So, to get your site working go to the Internet Options in Internet Explorer and add your domain to the Intranet sites.