IIS 7.5 is prompting for a username and password

Question

Our application is configured to use Forms Authentication, and on most machines it is working great. However, I am having a problem with the development environment on one of our developer workstations. When I go to one of the URLs of the application, like this:

http://iweb.local/reports/

IIS prompts me for a password, like this:

(The name iweb.local is set up in the hosts file to point to 127.0.0.1. Essentially it is an alias for localhost. We configure the IIS site to use a host header so we can potentially support more than one application in the future.)

I am not prompted for a password if I go to most other URLs in the application, such as http://iweb.local/. And I am not prompted for a password anywhere using the exact same code base on any other developer machine. It is only this one machine that is having the problem. This leads me to be reasonably confident that this isn't a problem with the coding.

Things I have tried:

• Testing with a different web browser. On the machine exhibiting the problem, the problem happens no matter what browser I am using. I get the same prompt in FireFox and IE9.
• Testing on other developer machines. The problem doesn't happen on those. It only happens on the single developer box.
• Copying the code and assets from ~/Areas/Reports into ~/Areas/ReportsTest, with the appropriate refactors, and loading http://iweb.local/reportstest/. That works; the browser no longer prompts for a username and password. However, changing the URL is not an option for our application.
• Checking IIS authentication configuration. Anonymous Authentication and Forms Authentication are enabled. Everything else is disabled. This is identical on all developer machines, including the ones that work and the one that doesn't.
• Checking the Event Log. IIS is not logging anything to the event log.
• Checking the IIS logs. The logs contain entries for successful requests (like when I open http://iweb.local), but it does not log anything for any requests that prompt the user to enter a password.
• Checking the request and response headers with FireBug. The request headers seem identical for a request to either URL. The response headers for http://iweb.local/reports has two options for WWW-Authenticate: Negotiate and NTLM. From this, I have confirmed that IIS is directing the browser to prompt for a password. But I'm no closer to understanding why.
• Shutting down IIS, setting the World Wide Web Publishing Service to have a Startup Type of Manual so that it won't automatically start up, and rebooting the computer. I then checked to see if either http://iweb.local or http://iweb.local/reports/ were responding to requests. Neither were, confirming that it is IIS that is handling the requests.
• Stopping IIS, deleting the entire project from the developer's hard drive, and retrieving it from source control. My thought here was that it might be a permission issue on one of the folders (though I don't understand how that could be, given that this is an MVC application) and that going through this process would ensure that all folders had the correct permissions. But it didn't change anything.
• Completely uninstalling IIS, restarting the computer, and re-installing IIS. This didn't work either.

I am out of ideas. I cannot find anything on this one developer box that isn't configured the same as the other developer boxes.

So: Does anyone know a way to enable a deeper level of logging or tracing to figure out why IIS is asking for a password? Can anyone think of anything that may be causing this that I haven't already looked for?

This is an ASP.NET MVC 3 application running on IIS 7.5 in a 64-bit environment. The reports portion of the URL is configured as an MVC Area.

UPDATE

In my Web.config file, this is how the authentication mode is set up on the offending machine.

<authentication mode="Forms">
    <forms loginUrl="~/account/login" timeout="2880" />
</authentication>

There is no <authentication> element in the Web.config file for the Reports area.

Answer 1

If there is a folder in the application named "Reports" and SQL Server Reporting Services are installed on the server, then Reporting Services Virtual Directory folder that is also named "Reports" will be in conflict with the application "Reports" folder. To fix this open Reporting Services Configuration Manager (Start->All Programs->MS SQL Server->Configuraton Tools-> Reporting Services Configuration Manager) and change the Virtual Directory from "Reports" to any other name ("TestReports") under the "Report Manager URL" in the menu on the left.

This will solve the IIS authentication issue