Tuesday, August 08, 2006

But I do have access dammit!

One issue I have encountered over and over in recent development is a "401.1 Unauthorized: Login failed" message when browsing a local host headered website using integrated security. No matter what I check, everything indicates I should have access to the site, yet I still get the error!

Recently I have found the most likely cause of this issue is a new feature in w2k3 SP1 or Windows XP SP2 called the loopback check security feature. It's a new feature that is designed to help prevent reflection attacks on your computer, and it causes authentication to fail if the FQDN or custom host header does not match the local computer name.

I have found the easiest thing to do is disable the check, and everything then works again. If you think you are suffering from this issue, take a look at the MS KB article http://support.microsoft.com/kb/896861/; it explains the issue and how to disable the check.
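KB 896861 also describes a narrower option than turning the check off: listing the specific host headers in `BackConnectionHostNames`, so the reflection protection stays on for every other name. The PowerShell below is an added example, not from the original post; the function names are hypothetical and the host names are constructed placeholders.

```powershell
# Added example: audit the loopback check and allow-list specific host headers
# instead of disabling the check machine-wide. Run from an elevated prompt.
$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv10 = Join-Path $lsa 'MSV1_0'

function Get-LoopbackCheckState {
    # Read both values; either may be absent on a default install.
    $flag  = (Get-ItemProperty -Path $lsa   -Name DisableLoopbackCheck    -ErrorAction SilentlyContinue).DisableLoopbackCheck
    $names = (Get-ItemProperty -Path $msv10 -Name BackConnectionHostNames -ErrorAction SilentlyContinue).BackConnectionHostNames
    [pscustomobject]@{
        LoopbackCheckDisabled = ($flag -eq 1)
        AllowedHostNames      = $(if ($names) { @($names) } else { @() })
    }
}

function Add-BackConnectionHostName {
    param([Parameter(Mandatory)][string[]]$HostName)
    # Merge with what is already there; hostnames compare case-insensitively.
    $current = (Get-LoopbackCheckState).AllowedHostNames
    $merged  = @(($current + $HostName) | Where-Object { $_ } | Sort-Object -Unique)
    # -Force overwrites the value if it already exists (REG_MULTI_SZ).
    New-ItemProperty -Path $msv10 -Name BackConnectionHostNames `
        -PropertyType MultiString -Value $merged -Force | Out-Null
    $merged
}

function Enable-LoopbackCheck {
    # Undo a previous machine-wide disable, if one is present.
    if ((Get-LoopbackCheckState).LoopbackCheckDisabled) {
        Set-ItemProperty -Path $lsa -Name DisableLoopbackCheck -Value 0
    }
}

# Constructed sample host headers for a local development box.
Add-BackConnectionHostName -HostName 'intranet.dev.example', 'cms.dev.example'
Enable-LoopbackCheck
Get-LoopbackCheckState | Format-List
# A restart of IIS or the machine may be needed before the change takes effect.
```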

I do all my development work locally and host header everything in a w2k3 environment. I have encountered this issue when working with CRM 3.0 calling web services, MCMS when trying to edit content, and EPiServer when developing intranet-type sites.
