My question for the forum is: why am I being challenged for credentials? Here is my set up:
- Windows Server 2008 R2
- IIS 7.5
- Server operates in a domain A.
- Domain A has a Trust with Domain B.
Site: www.example.com is configured for anonymous access. A subdirectory, named “private”, sits below the site root, and it is configured for Windows Authentication. For the subdirectory, under Authentication >> Windows Authentication >> Providers, the provider order is (1) NTLM, (2) Negotiate. Under Authentication >> Windows Authentication >> Advanced Settings, everything is grayed out. My Domain B account has been granted Full Control over the subdirectory.
I navigate to www.example.com/private/index.htm. I am prompted for a username and password. I enter my Domain B username/password, and I am able to see index.htm. An analysis of the HTTP_Authorization header shows NTLM was used.