I have recently upgrade a development enviroment from Windows 2003 to Windows 2008 R2. I also made the necessary change to web.config to support IIS 7.5 / v.4.0 / Integrated mode. It is an Intranet Site with support of Singel Sign On and the site using WindowsRoleProvider and WindowsMembershipProvider to authenticate against our internal Active Directory. Anonymous authentication is not allowed for the site. When i try accessing the site it fails because the web server can not authenticate with my domain user. The only solution i have found for this problem is to add the EPiServer providers to <trustedProviders> in administration.config (c:\windows\system32\inetsrv\config\):
<trustedProviders allowUntrustedProviders="true"> <add type="System.Web.Security.SqlMembershipProvider, System.Web, Version=188.8.131.52, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> <add type="System.Web.Security.SqlRoleProvider, System.Web, Version=184.108.40.206, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> <add type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=220.127.116.11, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> <add type="EPiServer.Security.WindowsRoleProvider, EPiServer" /> <add type="EPiServer.Security.WindowsMembershipProvider, EPiServer" /></trustedProviders>
I have not found any information about this issue in the installation manual for EPiServer 6.Are there anyone else having experience with Windows 2008 R2 / EPiServer 6 / SSO as a development enviroment?
Are you using:
If so then you may find my blog post helpful on enabling Windows authenication on your local development machine:
In particular you may find point 4. useful "Ensure that the machine allows Windows Integrated authentication using a local loopback address"
Let me know how you go.
Thank you for your reply!
Yes, the site is using Windows authentication mode (<authentication mode="Windows"> in web.config). I tried the regedit trick with the "BackConnectionHostNames", but the same error occurs with a login prompt for my domaincredentials. I have not tried to disable loopback check yet. Without the above mentioned trusted providers i am not able to access the site. In a default installation of Windows 2008 R2 it seems like the attribute "allowUntrustedProviders" is set to False. I am talking about the "administration.config" file in C:\Windows\System32\Inetsrv\Config\. How can then IIS 7.5 allow the two untrusted providers from EPiServer to run? Just a thought... it seems a little bit strange for me.
My machinename and localhost is added as allowed local intranet zone in IIS 8.