So I've been working on this for a few days, using so many google searches, reading so many posts and tutorials and websites that I'm pretty sure I've exhausted my capabilities for self-help.
I have the following setup:
- IIS 10 on Windows Server 2012 (also Active Directory is on the same machine, this is a test VM)
- Windows Authentication and URL Authentication installed
- ISAPI Rewrite and ISAPI Extensions installed with Helicon's ISAPI Rewrite Filter (because IIS's URL Rewrite refuses to pass the authenticated username to my reverse proxied back-end)
I have 2 users setup for testing, one is part of a group called "Test IIS Access" and the other is just a normal user.
This is my web.config file in the folder:
<?xml version="1.0" encoding="UTF-8"?><configuration><system.webServer><security><authorization><remove users="*" roles="" verbs="" /><add accessType="Allow" roles="EXAMPLE\Test IIS Access" /><add accessType="Deny" users="*" /></authorization></security></system.webServer></configuration>
I've even tried removing both the "remove" entry and the "add Deny" entry, and nothing changes. Any time I try to login to this page from IE on that local machine, it prompts for login, I enter example\testuser (the one with access) and it just prompts 3 times before showing the error 401.1.
Any help troubleshooting this will be greatly appreciated.