>I have run into some sort of security related problem while migrating a WC application from my development server to the production server.
>
>There must be something about the production machine's setup that is different somehow from my development server which I do not understand. The machine was set up by another individual and it's configuration is not exactly like the development server. Specifically, on the development server my virtual directories are under the Default Web Site but on the production machine the virtual directories are under a different web site set up on the machine. The physical and virtual directories were all created on the production machine and populated with the application files. I set up the directories and security permissions as close to the development server properties as I could and since I am using Windows NT Challenge/Response for the IIS security settings on the directories and files, like on the development server, as long as a user is logged onto the Domain, they should be granted transparent access by IIS to the web pages. If they are not, then a challenge for userid/password should
>be issued by IIS automatically, but this is not happening. IIS is challenging me on every attempt to access the pages even tho I am properly logged onto the Domain.
>
>Strangely, when I hit the main page, IIS prompts for userid, password and domain and when I enter my data it allows me into the page. When I then try to access a secondary page from a link on the main page, the IIS prompt is displayed again but it rejects my data at this point.
>
>For some reason IIS does not recognize me as logged in with a valid Windows NT Domain account.
>
>At this point I have looked at every setting I know to look at so I am stumped as to what is causing this. What am I missing here?
>
>Thanks,
>Bill

Is it possible that there is a permissions problem on the NTFS side? In other words, make sure that your physical directories give Everyone at least Read access. Remember that even though IIS uses the NT Domain logon information with NTCR, you still need to grant access to those domain accounts to the specific directories. Also, once you access a resource on the server that authenticates you with your domain ID, all other resources will be accessed using that ID; so, if you have other directories that are setup to **only** use anonymous access, you would not be able to access them once you have been authenticated with your domain ID. For those other directories that allow anonymous access, make sure you also have the NTCR option checked; anonymous will be checked first, but if it fails, NTCR will be used next.

Hope this helps.