Hi All,

Info:
I'm running IIS 6.0
Windows Auth must stay on, Anonymous access must stay off.
We run two websites on our IIS server. Our default (intranet) has an ip specified in the default website properties (on the website tab, web site identification section).
Our other website has an "unassigned" ip address.
I have added a virtual directory to our default (intranet) website

Problem:
When an IP address is specified on our default (intranet) website, the intranet loads correctly no problem. However, when going to any page on the newly created virtual directory, we are prompted with a pop up that asks for the users' username & password.
*We don't want the credentials box to pop up*

If we change the Intranet's IP address to "unassigned" it works properly, no one is prompted for credentials.

Questions:
Is there any performance gain/loss when specifying IP's, or is it just for giving a website more than one name (more or less).

If we keep a specified IP address on our intranet, how do we keep the credential pop up from occuring on the new virtual directory? I've read that might happen if your site is failing Kerberos, but if our Intranet isn't failing, why would the virtual site?

Your help is much appreciated!
Thanks!

This is actually a cliuent issue.  IE won't pass credentials to a site in a zone it doesn't trust.  To remedy this, add the new site/domain/IP into IE's Intranet security zone.

Jeff

I would like to get around that if possible. Our intranet isn't required to be added in on each clients' trusted sites, so why should this? There's got to be a way around it.

Thanks for the help.

It's a feature in IE, there's nothing in ASP.NET you can do about it.  Other than not using Windows authentication.

Jeff