You might encounter a very frequent problem when you are using FQDN or Custom Host Headers to access a SharePoint Site locally from the Server where it is hosted that is running on IIS 5.1 or later and get it constantly prompt for the credentials in the pop window.
Though this is very frustrating but a necessary evil that was introduced earlier with Microsoft Windows Server 2003 Service Pack 1 (SP1) and still present. This feature was designed to help prevent reflection attacks on the compute.
“In computer security, a reflection attack is a method of attacking a challenge-response authentication system that uses the same protocol in both directions. That is, the same challenge-response protocol is used by each side to authenticate the other side. The essential idea of the attack is to trick the target into providing the answer to its own challenge.
The general attack outline is as follows:
1.The attacker initiates a connection to a target.
2.The target attempts to authenticate the attacker by sending it a challenge.
3.The attacker opens another connection to the target, and sends the target this challenge as its own.
4.The target responds to the challenge.
5.The attacker sends that response back to the target on the original connection”
Steps To fix this issue on Development & Non-Production Environment
Using Registry Editor
Step 1: Use Windows Icon + R to launch a Run menu
Step 2: Type the command “REGEDIT”
Step 3: Expand node “Computer -> HKEY_LOCAL_MACHINE -> CurrentControlSet -> Control”
Step 4: Locate Key by the name “Lsa” as shown below
Step 5: Add a new DWORD Entry
- Select “Lsa” Key
- On the Right Hand Side Panel create a new DWORD Entry as shown below
- Enter “DisableLoopbackCheck” in Value Name field
- Enter “1” in Value Date Field
- Select “Hexadecimal” radio button
- Click OK to save the DWORD
Using PowerShell Script
We can cut short the above steps by creating a DWORD Entry using PowerShell
If we see the Registry Key “Lsa” we found “DisableLoopbackCheck” DWORD is not present
Run the following PowerShell Command
New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name “DisableLoopbackCheck” -value “1” -PropertyType dword
Once the command executed successfully you can the “DisableLoopbackCheck “ DWORD created successfully.
This is a simple fix to quite a frustrating issue we encountered so frequently during web development.
Hope you find it helpful.