I have a public website that allows for anon access and a subfolder that I have enabled windows auth as to restrict users. When I try to access the site it gives me a 401 unauthorized error due to invalid credentials but never asks for a username/password. I can access it on the vpn(local) just fine as it passes the credentials automatically I assume. Does anyone know why I would not get the prompt for a username/password? IIS7, Windows Server 2008 with windows authentication enabled.

Hi, try temporarily disabling your pop-up blockers on the web browser that you are testing the access. Usually the prompt for the login username and password will be in the form of a pop-up window.

The username and password dialogue is not a popup window when you enable windows authentication. it will look something like this http://www.zoneedit.com/auth/. a popup block will not affect it.

Hi, anonymous authentication by definition enables users to access public areas of your web site without a prompt for a username and password. When the "anonymous access" setting is enabled, the IIS server creates a toke with the login credentials from the IIS server settings. That would probably explain why you don't see a prompt. Your web server will assign the user to the IUSR_<computername>. The <computername> is the IIS server name. Is the web browser that you are using IE? IE usese integrated windows authentication and will attempt to obtain credentials from the requesting computer. If IE cannot obtain the credentials, the browser's session is anonymous and will prompt.

No, as I said I am using Windows Authentication, so anon auth is disabled. The problem is I am NOT getting the prompt when I WANT to get it, when I expect it. I have tried IE and Chrome with the same results (401 error).

Hi, the most common areas that generate a '401 denied by invalid user credentials' include: * Kerberos authentication fails * Local/domain policy or user rights assignment prevent user from accessing the server * Setting of the AnonymousPasswordSync metabase key * When anonymous access is configured Other thoughts...are you using ASP.Net Forms authentication and IIS 7 in the same application? I ask because in an integrated mode, both the Windows and Forms authentication run during a single stage authentication (instead of two-phase authentication). The run is in the order of Windows, then Forms. Forms authentication's 302 redirect is incompatible with the 401 challenge used by Windows authentication, thus breaking the Windows authentication. If this is the scenario, then it would be logical to try to separate the Windows and Forms authentication.

I am not using forms authentication anywhere in the application or sub sites. I only have Windows Authentication enabled for this directory in IIS7. the main site has Anon access enabled and is working correctly. to your 4 points...I can access the site just fine over intranet/vpn so it make me think it can authentication fine if passed the credentials, but I am really new to IIS7 and it's methods of authentication. I have a very simular settup on my local machine using windows authentication, vista, IIS7. I access my machine from a remote desktop and I get the prompt to enter a username/password. So, I can only conclude that I have something setup wrong on my production machine, but everything looks fine. It is fustrating.