Windows authentication fails on Commerce server site

When you browse to the commerce server site, and the browser prompts for the windows authentication, after you provide the correct credentials, if you get an error mentioned below, follow the solution to fix it.

HTTP Error 401.1 – Unauthorized
You do not have permission to view this directory or page using the credentials that you supplied.

Solution:

The issue here is that modern versions of Windows (Windows XP SP2, Windows Server 2003 SP1 and up) include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.

This can be resolved by either explicitly specifying host names or by disabling the loopback check. Obviously the former being the more controlled approach.

  1. Set the DisableStrictNameChecking registry entry to 1
  2. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  3. Right-click MSV1_0, point to New, and then click Multi-String Value.
  4. Type BackConnectionHostNames, and then press ENTER.
  5. Right-click BackConnectionHostNames, and then click Modify.
  6. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
  7. Quit Registry Editor, and then restart the IISAdmin service.

Full details of how do to this can be found on MSDN: 896861

 

Windows authentication fails on Commerce server site

Leave a Reply

Your email address will not be published. Required fields are marked *