I have an application published via IIS 8.5 on Windows Server 2012 that can leverage Windows-integrated credentials for SSO. Users can successfully sign in to the application and navigate to the vast majority of aspx pages. However, when users attempt to sign in to a particular aspx page, they receive a Windows authentication prompt where they must populate their domain credentials 10 literal times before it allows them to access the page.
From an IIS perspective, for the app's virtual directory, we have ONLY Windows authentication specified. I can work around the problem if I turn on Anonymous Authentication (users are not prompted with the Windows Authentication prompt when they attempt to navigate to the aspx page), but this obviously breaks the end users' ability to sign in using Windows-Integrated credentials--which is unacceptable to them. As such, I suspected this was some sort of an issue with NTFS/share permissions to one of the ASPX pages or the app's DLLs. However, I've checked all of the relevant flat file permissions ad nauseum to no avail.
I have done the following: -I have checked the permissions for the aspx page users are attempting to access, and from an AD perspective, everything seems okay. Users appear to have the correct permissions. -The issue does not occur when signed directly in to the app server. -Domain admins also experience the issue when signing in to the app via a client workstation. -Run a Fiddler and Wireshark trace, and as expected, I'm encountering a 401 error. -Issue does not occur for users who integrate into the app using non-Windows credentials.
I'm about out of ideas in terms of things I can check--does anyone else have any thoughts?