To simplify my problems i am basically trying to setup an ASP.NET MVC 3 website that will allow users to view work items assigned to them. i have the website views and controllers working. the problems occur when i try to deploy to IIS running on my machine (Win 7). the Windows Authentication used to identify the user and access tfs are not passed through to the webpage automatically as it asks them to login (i do not want this). the Authentication on IIS only has Windows Auth enabled and the web.config has

<authentication mode="Windows" />
<identity impersonate="true" />
<customErrors mode="Off" />

<authorization>
  <deny users ="?" />
  <allow users ="*" />
</authorization>

does anybody know why this would not work.

Cheers

By default, ASP.NET impersonation is disabled. If you enable impersonation, your ASP.NET application runs under the security context of the user authenticated by IIS 7. See Configure ASP.NET Impersonation Authentication. Constrained Delegation via Kerberos is the only way to flow impersonated credentials to a second host. You can get around this by deploying your web application on the TFS App Tier and configuring its app pool to run as the same identity as the TFS web services.

You may want to have a look at this MS KB article. I had a similar problem, but around development box hostnames, and this worked for me: http://support.microsoft.com/kb/896861