We have a simple intranet site in MVC3 and entity framework. Everything works fine for running in debug from visual studio. When I publish the site to either my local boxes IIS7.5 webserver or to a dev box on the same domain, then I get prompted for a username and password and it won't connect to the site. It just returns a 401.1 error and curiously shows

Logon Method Not yet determined 
Logon User Not yet determined 

I have verified that the windows authentication is enabled and anonymous authentication is disabled. the application is using the applicationPoolIdentity but I have tried it with Network Services with no difference. The webconfig includes

<authentication mode="Windows" />

and I have tried it with and without the authorization section.

<authorization>
  <allow users="*" />
</authorization>

The only other thing I've found online involved changing a registry entry, but this will eventually be on a production server so I'm not comfortable making registry changes just for this.

running locally with this code block returns all the expected information

<div id="title">
    <h4> Environment.UserName: @Environment.UserName  
    @DateTime.Now.Millisecond.ToString() </h4>
    @foreach (var role in Roles.GetRolesForUser())
    {
        role.ToString(); <br />
    }
</div>
<div id="logindisplay">
    Context.User.Identity.Name <strong>@Context.User.Identity.Name</strong>!<br />
    @Environment.UserDomainName
</div>

It is an MVC3 Web Application. The IIS Authentication switches are

Anonymous Authentication     Disabled
ASP.NET Impersonation        Disabled
Forms Authentication         Disabled
Windows Authentication       Enabled

Any other ideas or things I'm missing?

This Article on MSDN illustrates how to setup an IIS 7 MVC3 Intranet Website: http://msdn.microsoft.com/en-us/library/gg703322(VS.98).aspx

The interesting piece that relates to you is most likely the last section on Impersonation. If you run your site as Windows Authentication but have Impersonation off you will be reading/executing the files for the website using the authenticated identity. That means each user who wants to access the site will need folder/file permissions.

To avoid that, use Windows Auth to allow users to authenticate but use Impersonation to use a single identity to access the folder/files.

It seems that you windows authentication works, since you are prompted for credentials when opening the page...you should put your credentials in there and it should take you to your web page...or the problem is that you are not able to open you page after putting correct credentials?

What I would try first is to change your application pool mode from Classic to Integrated (or vice versa).

Then, it looks like that your machines are in some domain? In that case, check that you are putting right credentials. You should put <domain>\<your_username> as username. Further, if that doesn't work, try adding and removing your machine from domain and try again. There might be more ideas, let me know how this goes and if possible what is the output of command nltest.exe /SC_QUERY:domain_name ?

You need to actually configure this in IIS to utilize Windows Authentication.

1. Open up the IIS Manager
2. Go to where your application resides in IIS
3. In Content View double-click Authentication
4. Enable Windows Authentication and disable Anonymous Authentication

If you are only doing this on the AppPool, the application settings will override this.

When you say:

I have verified that the windows authentication is enabled and anonymous authentication is disabled.

Where exactly did you set this? Not sure what OS you are running on the machine where you get prompted, but certain flavors of Windows don't support Windows Authentication (i.e. Windows 7 Home does not).

I am having the same problem. When creating a new application under default websites, things work fine. But when I create a new website and put the files under there I cant seem to get this to work. I keep getting a login prompt. I am using the same application pool for my new site and have configured the directory permissions to allow full control to iis_isuser and others since this is a dev machine.