
NTLM Authentication fails ONLY with IE against 2k8 App server behind 2k8 IIS7 Reverse Proxy


I'm developing an ASP.NET application for an intranet site that is using Windows/NTLM/WIA/whatever authentication. The application is hosted on a Windows 2k8 server but is accessed through a Reverse Proxy using IIS7 on another 2k8 machine.

Authentication works fine in Firefox, Chrome and Safari but fails in IE8. If I circumvent the Proxy and access the application server directly then it works fine, so it has something to do with the proxy.

There's nothing in the Event Viewer on any of the 3 machines to indicate what might be happening.

If you connect using IE8 it prompts for your credentials instead of automatically passing them; yes, I've set up an explicit trust over and above the domain trust, but it still errors out with a 401 error returned from the proxy.

Any ideas where to start troubleshooting this?


Solution

  • Turns out that IIS 7 reverse proxies do not support Kerberos Authentication, so you have to disable it on your backend servers so they use NTLM.

    Unfortunately, on 2k8 there's no easy way to do this; you have to mess around with the registry. In 2k8 R2, however, there are GUI options in IIS 7 for managing Authentication Providers.
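
A starting point for the troubleshooting asked about above, as an added example that is not part of the original question or answer: it decodes `Authorization` / `WWW-Authenticate` values copied from an HTTP trace and reports whether each token is NTLM or Kerberos, which shows what a given browser is actually sending through the proxy. The function names are hypothetical and the sample header values are constructed, not captured from the poster's servers.

```python
import base64
import struct

NTLMSSP = b"NTLMSSP\x00"
# DER-encoded Kerberos 5 mechanism OIDs (standard, and the legacy Microsoft one).
KRB5_OIDS = (bytes.fromhex("06092a864886f712010202"),
             bytes.fromhex("06092a864882f712010202"))
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}


def classify(header_value):
    """Return (scheme, mechanism) for one Authorization/WWW-Authenticate value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() not in ("ntlm", "negotiate"):
        return scheme, "unknown"
    if not b64.strip():
        return scheme, "offer"          # scheme advertised, no token yet
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:
        return scheme, "unknown"
    # NTLM may be sent raw or wrapped in SPNEGO; either way the signature is present.
    pos = token.find(NTLMSSP)
    if pos != -1 and len(token) >= pos + 12:
        (msg_type,) = struct.unpack_from("<I", token, pos + 8)
        return scheme, "NTLM " + NTLM_TYPES.get(msg_type, "type %d" % msg_type)
    # A GSS-API token (tag 0x60) naming the Kerberos mechanism and carrying no NTLM message.
    if token[:1] == b"\x60" and any(oid in token for oid in KRB5_OIDS):
        return scheme, "Kerberos"
    return scheme, "unknown"


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


# Constructed header values (not real tickets or captures from the poster's servers).
SAMPLE_HEADERS = [
    "Negotiate",
    "Negotiate " + _b64(b"\x60\x82\x01\x00" + bytes.fromhex("06062b0601050502")
                        + b"\xa0\x30" + KRB5_OIDS[0] + b"\x00" * 16),
    "Negotiate " + _b64(NTLMSSP + struct.pack("<II", 1, 0x00088207)),
    "NTLM " + _b64(NTLMSSP + struct.pack("<II", 3, 0)),
]

if __name__ == "__main__":
    for value in SAMPLE_HEADERS:
        print("%-10s %-18s %s..." % (classify(value) + (value[:40],)))
```

Comparing the output for a working browser and for IE8 against the same URL shows whether the failing requests carry a Kerberos token under the `Negotiate` scheme.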