Tutorial :Asp.net Internet explorer prompts a credential window


I just uploaded a project to my hosting, is a asp.net mvc project with authentication. Just when i enter the web internet explorer prompts a credential windows. If I cancel, the web works correctly. The web works correctly also in local using the visual studio server.

More information:

"Allow Anonymous Access" is checked and the "Basic Authentication" too, but the promt is shown with Basic authentication checked or not.

Also I uploaded a very basic mvc application with authentication and the prompt is not showing, so it does'nt seem's to be an IIS configuration problem.

Also the prompt is showing in both Internet Explorer and firefox, but isn't in Chrome.

Do you have any clues?



It sounds like you have set the authentication mode to Windows? Can you check the Web.config file. If you are intent is to use Forms authentication, you should change it accordingly


Most likely is that you need to allow anonymous access in the IIS configuration manager. Even if your web.config specifies Forms Authentication (or Authentication is set to "None") if IIS is set to disallow anonymous access, then users will be prompted by IIS before the ASP.Net authentication mechanism kicks in.


I see this behavior if the "Allow Anonymous Access" is checked and the "Windows Authentication" is also checked.

This is all under the "Directory Security" task in the properties for your web site in the IIS manager.


See info below about IIS:

IIS Authentication


Anonymous authentication gives users access to the public areas of your Web site without prompting them for a user name or password....

Basic(uncheck this)

IIS implements Basic authentication, which is part of the HTTP 1.0 specification, using Windows user accounts. When using Basic authentication, the browser prompts the user for a user name and password. This information is then transmitted across HTTP where it is encoded using Base64 encoding. Although most Web servers, proxy servers, and Web browsers support Basic authentication, it is inherently insecure. Because it is easy to decode Base64 encoded data, Basic authentication is essentially sending the password as plain text.



For this to work only anonymous access should be checked in IIS. Otherwise the browser will try to authenticate if possible.


If you are serving "static content" with your site, the default webroot from which the application is configured under needs these settings as well. (Usually "Anonymous" as only-checked-box).

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Next Post »