Asp – Windows Authentication Only Works With hosts entry


I'm setting up a (ASP.NET) website to be used internally at my company. In IIS, I've turned on Integrated Windows authentication and turned off anonymous access. Once I've done this, the website pops up the "enter your username/password" box whenever you visit the site, but won't log you in even if the username/password are correct. This happens even if you're logged in to your computer with a domain account as opposed to a local account.

However, if I enter the IP of the site in my hosts file, the site works perfectly (logs the user in without the additional challenge).

I guess I have two questions.

1) Why does the hosts entry have this affect?

2) How can I get the site to succeed without a) forcing everyone to edit their hosts file or b) the site challenging them and failing to log them in?

EDIT: I checked, and we do have our DNS server set up to point those URLs to the correct servers. That's why pinging the URL displays the right IP. However, it appears that in addition to having that DNS entry, we also have to have the hosts file entry for the site to work.

Best Solution

You probably are having an issue with Kerberos authentication.

Since you're using a url of, I'm assuming is your AD's name also.

On the server that's running IIS, copy SetSPN.EXE from the resource kit tools and run the following:

setspn -A http/ IISServerName

Where SITE is your URL and IISServerName is the name of the server.

Related Question