I am using IIS 6.0 and have a virtual directory setup. The server is setup on my company's intranet. Under the security settings, anonymous access is disabled, integrated windows authentication is enabled, digest authentication for windows domain servers is enabled, and the realm has our AD domain address.
Everything works fine with this authentication when the the site is accessed with the URL including the machine name like, "http://myServerName/myWebSite/". However, when we use this format, "http://myIPAddress/myWebSite/", a security box pops up. If credentials are entered in this box, everything works properly. Why is this popping up when the IP Address is used in the URL in place of the machine name?
The reason we need to use the IP Address in the URL is that the URL with the server name is not recognized in all of our locations.
The Microsoft KB article Internet Explorer May Prompt You for a Password has the answer, as an IP address will be treated as in the Internet zone:
Internet Explorer must consider the requested URL to be on the intranet (local). If the computer name portion of the requested URL contains periods (such as http://www.microsoft.com and http://10.0.0.1), Internet Explorer assumes that the requested address exists on the Internet and does not pass any credentials automatically. Addresses without periods (such as http://webserver) are considered to be on the intranet (local); Internet Explorer passes credentials automatically. The only exception is addresses included in the Intranet zone in Internet Explorer.
You can set up DNS so as to resolve server name correctly to IP, or follow the suggestions mentioned in the Knowledge Base article above