
IIS Kept Prompting for Credentials on Role Restricted Resources


Hi IIS experts,

I have had a nagging issue for the past week. I have been trying to fix this for the past week to no avail.

Here's the problem:

I developed a simple web application for our intranet and deployed it onto the server's IIS. The web app is using Windows Authentication with impersonation. I even moved the NTLM provider on top of the Kerberos one. The AppPool is running as Network Service in integrated mode. Folder permission is given to all users under my domain; basically everyone can access it if they are a Windows-authenticated user.

My application will perform the authorization within. Here is how I set up my authorization.

All users have access to the root. Within the root folder, there are sub folders restricted to different roles.

E.g. In Root -> Admin folder, inside the Admin folder I have a web.config to restrict access.

<allow roles="Admin" />

<deny users="*" />

All users will be denied access to the admin folder, only users with the Admin role can access the content/forms in this folder.

Now here comes the issue: I have no problem accessing the resource/web form if I have the correct role in place. The issue comes when I attempt to access the resource when I do not have that role. The browser will keep prompting me for credentials 3 times before throwing me the 401 error page. My expected output should be the 401 error page immediately, without the unnecessary prompts for credentials.

I suspect it to be an IIS settings issue or folder-level permission settings. There is no issue in displaying and accessing web forms when given the correct roles. I just don't want to have the persistent prompts; just direct me to the 401 error page immediately. That would solve my problem. Are any experts able to tell me what I am doing wrong in the IIS settings?

Your kind help is greatly appreciated. Thanks.
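
An added example, not part of the original post: with Windows Authentication, the 401 produced by the `<deny users="*" />` rule carries a new authentication challenge, so the browser asks for credentials again instead of showing an error page. One common way to stop the repeated prompts is to answer a request that is already authenticated but lacks the role with 403 from Global.asax. The class name and message text are assumptions, and the code assumes the response is still buffered when the request ends.

```csharp
using System;
using System.Web;

// Global.asax.cs (hypothetical class name), ASP.NET on IIS integrated pipeline
public class Global : HttpApplication
{
    protected void Application_EndRequest(object sender, EventArgs e)
    {
        HttpContext ctx = Context;

        // Only 401 responses are of interest.
        if (ctx.Response.StatusCode != 401)
            return;

        // The first request of a session is anonymous; its 401 is the normal
        // NTLM/Kerberos challenge and must pass through unchanged, otherwise
        // nobody can authenticate at all.
        if (!ctx.Request.IsAuthenticated)
            return;

        // At this point the caller has a valid Windows identity but was refused
        // by the <authorization> rules. That is an authorization failure, so
        // report 403: no WWW-Authenticate challenge is sent and the browser
        // has nothing to prompt for.
        ctx.Response.ClearContent();
        ctx.Response.StatusCode = 403;

        // Keep IIS from replacing this body with its own error page.
        ctx.Response.TrySkipIisCustomErrors = true;

        // Constant message: do not echo the account name or the required role.
        ctx.Response.ContentType = "text/plain";
        ctx.Response.Write("403 Forbidden: your account is not permitted to access this resource.");
    }
}
```

The role restriction in the Admin folder's web.config stays as it is; only the status code returned to an authenticated user without the role changes.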

