Your official information source from the .NET Web Development and Tools group at Microsoft.
If you have downloaded the RTM version of SP1 for Visual Studio 2008, you may get an error when trying to debug a Web Site with a host header on IIS 6 or IIS 5.1. The error message reads: "Unable to start debugging on the web server. An authentication error occurred while communicating with the web server. Please see Help for assistance."
(Figure 1: Error Message when debugging a Web Site with a host header. In this case, the host header is www.test.com)
This issue only appears on Web Sites configured with a host header on machines with IIS 6 or IIS 5.1 and the RTM version of the .Net Framework 3.5 SP1.
Lukasz Pawlowski, a program mangager on the Reporting Services team, published a great blog post describing the cause and explanation of the authentication error. Paraphrasing Lukasz:
"This error is caused by a security change made to the .Net Framework in SP1. The .Net Framework 3.5 SP1 now defaults to specifying the Host Name used in the request URL in an SPN in the NTLM authentication package. The NTLM authentication process includes a challenge issued by the destination computer and sent back to the client computer. When Windows receives a challenge it generated itself, authentication will fail unless the connection is a loop back connection. When a Web Site is configured with a host header, the host name is neither the machine name nor the loop back IP address nor the machine's IP address, so Windows fails the authentication requests."
If you are interested, Lucasz describes the issue in much more detail and provides a link to information about the attacks this change protects against. Full Post
There are two possible work-arounds. The recommended approach is to map your host header name to the loop back address in the registry. The steps are listed below. A less secure work around is to disable the loop back check, as described in http://support.microsoft.com/kb/896861.
1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key:
3. Right-click MSV1_0, point to New, and then click Multi-String Value.
4. Type BackConnectionHostNames, and then press ENTER.
5. Right-click BackConnectionHostNames, and then click Modify.
6. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
7. Quit Registry Editor, and then restart the IISAdmin service and run IISReset.
Hope this helps you debug Web Sites configured to use host headers.
Joe Cartano | SDET | Visual Studio Web Developer
PingBack from http://housesfunnywallpaper.cn/?p=579
You've been kicked (a good thing) - Trackback from DotNetKicks.com
The "secure" instructions don't work, still get this error after install of 3.5 SP1.
I'm glad to see this blog post, but this is really frustrating.
I guess next I'll try the "unsecure" option.
Did you run iisreset after adding your host header name as a back connection host name in the registry? If you still get this error after doing so, you can get in touch with me at joecar at microsoft dot com and we can take a look at what else might be causing a problem in more detail.
The secure method also isn't working for me. I definitely tried resetting IIS multiple times.
Is windows auth enabled for your web site? I would like to help you get unblocked, can you get in touch with me at joecar at microsoft dot com so I can take a look at what might be going wrong?
VS 2005 (SP 1 inkl. Vista Update) Projekte unter Vista (SP 1) zu debuggen war eigentlich nie ein Problem.
Thank you for this post. This resolves my problem to debug ASP.NET 2.0 applications with Visual Studio _2005_, which are coming up after install Visual Studio 2008 SP 1 on Vista. VS 2008 runs fine, also without this workaround.
Thanks a bunch! I been going insane over this for the last couple of hours.
Here are links to some blog posts I have previously written: ASP.NET MVC Preview 3 Tooling Updates And