Error HTTP 401.2 - Unauthorized with windows authorized

Question

I to do:

Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager. In the Connections pane, expand the server name, expand Sites, and then select the site, application or Web service for which you want to enable Extended Protection for Windows authentication. Scroll to the Security section in the Home pane, and then double-click Authentication. In the Authentication pane, select Windows Authentication. Click Enable in the Actions pane. Click Advanced Settings in the Actions pane.

after set in web.config <authentication mode="Windows" />

If I start app from VS2010 - All works well. If else I start app from IIS I have problem. Requested user data I enter Computer\\NameUser. then an error:

Error HTTP 401.2 - Unauthorized You have no right to view this page because of the inadmissibility of the authentication header.

update:

update2: file: C:\\Windows\\System32\\inetsrv\\config\\applicationhost.config

<location path="windowsAuthTest">
    <system.webServer>
        <security>
            <authentication>
                <anonymousAuthentication enabled="false" userName="User" password="[enc:AesProvider:BZ7e2mkTjJL7Wo8xMm2PQKZ2biP1nKB2SjAfw9WmJoBhkMbl4DYqEJU0bzIj3CxF:enc]" />
                <windowsAuthentication enabled="true" useKernelMode="false">
                    <extendedProtection tokenChecking="None" />
                    <providers>
                        <clear />
                        <add value="NTLM" />
                        <add value="Negotiate" />
                    </providers>
                </windowsAuthentication>
            </authentication>
        </security>
    </system.webServer>
</location>

Answer 1

之后，您要访问站点的安全性，必须为用户窗口添加权限。

Answer 2

Take a look at my previous answer .

Basically, that means that the authentication ticket does not match the expectation of the server.

You should force the server to use NTML or Kerberos (depending on your authentication strategy).

[Edit] as appcmd can be a bit obscure, here is the manual stop to force NTLM authentication.

1. Navigate to C:\\Windows\\System32\\inetsrv\\config
2. Backup, Backup, Backup and rebackup applicationhost.config
3. To be sure backup again
4. Open the file applicationhost.config with your favorite xml editor
5. search for the node <location path="Your web site name/yourapplication">

6. Setup the correct authentication provider :

   
   
   

The important part is that there is the <clear /> node. This will break inheritance from the global configuration.

This can be applied to the whole IIS server, or a specific web site, or (like here) a specific web application).

I'm not sure, but I wonder if this can be set in the web.config within the app directly instead of the IIS config file. This merits to be tested.