IIS 401 Error Using Windows Authentication and AJAX

K G name 21 Reputation points

Got a website hosted under IIS 10 using Windows Authentication. I can browse to the site but for the sections on the page that use AJAX a login dialog box pops up. Entering in the correct credentials doesn't work and the login box keeps prompting. If I click cancel on the login dialog box, then a 401 error is displayed for the AJAX section. I have confirmed the service account used for the app pool has access to the home folder of the web content as well as the IIS_IUSRS and Users groups. Is there something else I am missing?

I tried a slew of other things:

  • Adding ajax property withCredenitals as true.
  • Turning off extended protection in Windows Authentication Advanced Settings.
  • Enabling/disabling Kernel-mode-authentication in Windows Authentication Advanced Settings.
  • Changing the order of Negotiate and NTLM in Windows Authentication Providers
  • Modifying web.config file to allow anonymous authentication only for Options but denied for Get, Post, Put, Delete.
Internet Information Services
A set of technologies in the .NET Framework for building web applications and XML web services.
3,306 questions
0 comments No comments
{count} votes

Accepted answer
  1. Michael Taylor 49,166 Reputation points

    AJAX calls don't have credentials attached by default. Can you post the code you're using to make the actual AJAX calls on the client side?

    I'm assuming here the entire site is using Windows auth and not just a subset. If you're using legacy ASP.NET code then look in the web.config for the location elements. These determine which URLs need authentication and which do not.

0 additional answers

Sort by: Most helpful