I have a hybrid classic ASP + ASP.NET MVC 4 application running under Win Server 2k3 (IIS6) which we have upgraded to use MVC 4.

The ASP app is attached to the .NET application via a virtual directory. They run in the same application pool (if that matters). This particular app is an admin control panel, and uses basic authentication:

Before upgrading the project, when access the url for the virtual folder, the browser would display a login prompt, where I enter my domain-qualified username and password. The ASP code then retrieves the user name via Request.ServerVariables("AUTH_HEADER"), compares that against an application-level permissions list stored in the database, and enables or disables features in the admin site based on that.

After upgrading the project, I still get the login prompt, but Request.ServerVariables("AUTH_USER") returns an empty string.

I've added the old project into a new website so I can run them in parallel on the same server. The old code continues to work. The new code refuses to. The admin virtual directory in each version of the .NET application points to the same physical location on disk, and the authentication configuration for the folder in both .NET apps is identical.

Suggestions? Note that the MVC 4 app is using the .NET 4 framework, not .NET 4.5, which is not installed on the server.

Note that, although the default domain field in the screenshot is blank, it is properly configured. I've removed it from the image for obvious reasons.

Request.ServerVariables("AUTH_USER") can be obtained when you configured your application to use Forms authentication not Windows Authentication. If it is Windows Authentication you should use Request.ServerVariables("LOGON_USER")