We are in the process of upgrading to a new server. Our old one was a Go Daddy dedicated server, which we managed ourselves. We are having Go Daddy migrate our web site to a newer, faster dedicated server.
As we went through the testing of the new server we found that pages that were in a directory called reports were popping up an authentication box in the browser whenever we would try to browse to them.
We tried checking the permissions on that folder and files and everything seemed fine. We added permissions to try to help, but it did not fix it.
We tried moving the files to another existing folder and that worked, but we didn't want those files there.
We tried creating a new folder, moving the files there, deleting the old folder, and renaming the new one to reports. We thought that perhaps the directory had gotten corrupted or something, but it didn't fix it.
We renamed the folder to report and that fixed it. At first we thought the server didn't like the folder name reports. They we got to thinking maybe it doesn't like the routing. We are routing requests that come into server/reports/ReportName to server/reports/ReportName.aspx.
We tried just changing the routing, but that did not work.
We have now left it alone, but our newest theory is that maybe the new server has Reporting Services installed on it and it grabs requests to server/reports for itself.
I started getting the Windows Authentication popup again today. This time what I had done was copy our website to another fold, create a new web site, and point the new site to the copy. When I tried to bring up the home page I got the Window log in box. I tried various different settings in IIS and also security settings on the folder with not luck.
I finally looked at the Authentication section of the website in IIS. You get to this by clicking on the website in the left pain of IIS Manager, then clicking Authentication under the IIS section in the right pain.
I looked and saw that Anonymous Authentication was enabled, which seemed like the right value, so I left it alone for a while. I went back to it later and right clicked on it. Turns out there is an edit sub menu. I clicked it and it gave me a screen to pick which user's identity to run under. It was set to specific user and had a user name selected. I'm guessing I could've picked another user or went somewhere else and given that user more rights.
Instead what I did was told it to use the application pool identity. Once I did that I tried my website again and no more being asked for login credentials. Not sure what the ramifications of this are, so if you find that it is insecure to do that, then maybe the picking a specific user or giving the default user sufficient rights is what you want to do.