IIS Digest repeatedly asking for authentication

I have a development copy of an ASP.NET intranet site checked out and running on my local machine. We're using digest authentication to allow users to log in using their active directory accounts.

On my development copy only, Digest sometimes will repeatedly prompt for login information usually ~9 times per page request. After repeatedly logging in (or it also works to cancel out of 8 out of the 9 prompts), I can use the site as normal.

I cannot pinpoint what is triggering the issue. Sometimes this problem triggers upon the next page request, sometimes after I edited/saved/refreshed a page, and sometimes it doesn't happen at all.

Each prompt triggers several logon (Event ID 4624 & 4672) security events in the Events Viewer. Shortly after each burst of logon events, I'll see a burst of logoff events (Event ID 4634)

A co-worker who has a nearly an identical setup (Windows 7, IIS 7) is not experiencing the issue. Our production copy (that is running on a different server) also does not experience the issue. We've tried to compare our settings in IIS, not really finding any differences.

I'm using chrome but I've experienced the issue in other browsers.


Solution 1:

If this app is for internal use only I would recommend using integrated auth rather then digest. For apps without built in web-form auth like yours, 99% are integrated (AD auth pass through) or basic auth over SSL.

Also, Digest doesn't always work with AD and depends on settings in AD and in each user. Google things like "digest auth active directory" or "digest reversible encryption" so see the issues people have with it.

Other things to look at are NTFS permissions on files/folders, and if anonymous is enabled (it shouldn't be).