Windows Authentication not working in IIS after adding Bindings.

Inderpal Singh 1 Reputation point
2020-11-26T13:35:25.637+00:00

I have a working website on the current server, which is in the same domain as the users,
e.g. serverName01.abc.com, and the website is website1.abc.com.

Now we are migrating the website to a new server. This server is part of another domain, but there is trust enabled between the domains.

servername02.xyz.com, and the website name will also change to website2.xyz.com.

The users are all still in abc\user1.

The website is using Windows authentication, which works fine if I browse the website as http://localhost:80 (or some other port as well).

When I add the website name as a binding, Windows authentication stops.

I tried some solutions which require creating a multi-string value key named BackConnectionHostNames in regedit.
If I put in the website name it started working... but stopped after a while (next day). I again deleted and re-created that key in regedit, which again worked but stopped after a while.

Is there a permanent solution to this? Please help.


5 answers

  1. Grzegorz Oronowicz 10 Reputation points
    2023-10-16T14:01:04.2833333+00:00

    I was able to resolve this by adding BackConnectionHostNames.

    Method 1: Disable the loopback check

    Follow these steps:

    1. Click Start, click Run, type regedit, and then click OK.
    2. In Registry Editor, locate and then click the following registry key:

       HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

    3. Right-click Lsa, point to New, and then click DWORD Value.
    4. Type DisableLoopbackCheck, and then press ENTER.
    5. Right-click DisableLoopbackCheck, and then click Modify.
    6. In the Value data box, type 1, and then click OK.
    7. Quit Registry Editor, and then restart your computer.

    Method 2: Specify host names

    To specify the host names that are mapped to the loopback address and can connect to Web sites on your computer, follow these steps:

    1. Click Start, click Run, type regedit, and then click OK.
    2. In Registry Editor, locate and then click the following registry key:

       HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

    3. Right-click MSV1_0, point to New, and then click Multi-String Value.
    4. Type BackConnectionHostNames, and then press ENTER.
    5. Right-click BackConnectionHostNames, and then click Modify.
    6. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
    7. Quit Registry Editor, and then restart the IISAdmin service.

    Full reference: https://www.betaarchive.com/wiki/index.php/Microsoft_KB_Archive/896861

    2 people found this answer helpful.
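
Method 2 from the answer above, scripted in PowerShell as an added example (it is not part of the original answer or of the referenced KB article): it merges host names into BackConnectionHostNames without discarding existing entries, and warns if Method 1's DisableLoopbackCheck is set. The default host name is the asker's website2.xyz.com used as a placeholder, `Get-RegValue` is a helper defined here, and the script assumes an elevated prompt.

```powershell
# Added example: idempotently apply "Method 2" and report the state of "Method 1".
# $SiteHostNames is a placeholder list; replace it with the host names bound in IIS.
param(
    [string[]]$SiteHostNames = @('website2.xyz.com')
)

$lsaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv1Key = Join-Path $lsaKey 'MSV1_0'

function Get-RegValue([string]$Path, [string]$Name) {
    # Emits nothing (instead of throwing) when the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# Method 1 state: 1 means the loopback check is switched off for every host name.
$loopback = Get-RegValue $lsaKey 'DisableLoopbackCheck'
if ($loopback -eq 1) {
    Write-Warning 'DisableLoopbackCheck is 1: the loopback check is disabled machine-wide.'
}

# Method 2: merge the wanted names into whatever the multi-string value already holds.
$current = @(Get-RegValue $msv1Key 'BackConnectionHostNames')
$merged  = @($current + $SiteHostNames | Where-Object { $_ } | Sort-Object -Unique)
$missing = @($SiteHostNames | Where-Object { $current -notcontains $_ })

if ($missing.Count -eq 0) {
    Write-Output "BackConnectionHostNames already contains: $($SiteHostNames -join ', ')"
}
else {
    # -Force creates the value, or overwrites it with the merged list if it exists.
    New-ItemProperty -Path $msv1Key -Name 'BackConnectionHostNames' `
        -PropertyType MultiString -Value $merged -Force | Out-Null
    Write-Output "Added: $($missing -join ', ')"
    Write-Output 'Restart the IISAdmin service for the change to take effect.'
}
```

Running it again when authentication starts failing shows whether the value is still present or has been removed since the last run.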

  2. Inderpal Singh 1 Reputation point
    2020-12-10T14:52:17.503+00:00

    @Sam Wu-MSFT Sorry for being so late... Only Windows Authentication is on, with providers as Negotiate and NTLM.

    Authentication works on localhost:90 (randomly used port 90 as the default website takes port 80),
    but when I add a URL binding to the website it keeps asking me for credentials and fails after 3 attempts.

    Seems like some issue with cross-domain authentication. I am not an expert in AD, I have a little knowledge... but that doesn't seem to be enough for solving this.

    I have been stuck on this issue for a long time now. Any and all help will be highly appreciated.


  3. Inderpal Singh 1 Reputation point
    2020-12-10T15:36:22.153+00:00

    I disabled Windows authentication and enabled Basic authentication, and the application is working now.

    I will monitor for a few more days and let you guys know if this solved the issue permanently.

    Yes, the URL is an FQDN.

    Thank you for the help.


  4. JoyDutt 816 Reputation points
    2020-12-10T16:00:17.573+00:00

    When you were trying on http://localhost, it was working because it was using the local admin credentials and you were logged in with admin rights.
    Moving away from Windows authentication and using Basic authentication should help and resolve this. Ideally, later you may give some thought to the security part.


  5. Scott Willis 1 Reputation point
    2022-10-31T19:34:52.887+00:00

    Hi there - did you ever resolve this? I am having the exact same issues.
    Thanks
