IIS 7 Challenge-based and login redirect-based authentication cannot be used simultaneously

IIS7, Win2008 R2, Authentication, SharePoint 2010 (claims-based authentication)

Error Message: "Challenge-based and login redirect-based authentication cannot be used simultaneously"

We are only seeing the above error message displayed in IIS7 Manager, "site", Authentication.  We do not see this error in the applications themselves.

We're only seeing this in IIS manager.  The site is SharePoint 2010 with some non-sharepoint sites running in the same web site.  Everything is working fine and there are no errors in the Event logs (Application, System,

Should we be concerned at all?  Most of what we're seeing on the web says this can be safely ignored.
http://forums.iis.net/t/1174844.aspx 
http://social.msdn.microsoft.com/Forums/en-NZ/sharepoint2010general/thread/7c88320f-8c53-434c-a053-9f6b99e795ec 
http://knowledgebase.solarwinds.com/kb/questions/2074/__print 
http://forums.iis.net/t/1153025.aspx 

There was one "workaround" presented (http://mvolo.com/iis-70-twolevel-authentication-with-forms-authentication-and-windows-authentication) .
RoadhouseBluesAsked:
Who is Participating?
 
TI2HeavenConnect With a Mentor Commented:
You can close your question if you want (by deleting) if have change your mind.
I do insist that you are right asking you why, you may have a security issue, those that don’t show up in tests.  To deploy you need to have information about the software. And I am only asking for information, no changes are needed for now.
Please don’t leave the question open for ever.
0
 
TI2HeavenCommented:
Your question have a little ambiguty but a guess you have one site, with many components and some are not using the same authenticated method of sharepoint. I will try to make virtual directories for each component and try to find wich one is requiesting another authentifation method. With virtual directories you have the oportunity to select other authentification methods.
0
 
RoadhouseBluesAuthor Commented:
Hi,

Sorry for the ambiguity.  Here's some additional information:

Basically the alert, assuming I understand it, is saying that you can't have both (Challenge-based and login redirect-based ) in the same website.  Normally this is true, unless you have your own custom authentication provider - which we have.  Although it really doesn't matter much in regards to a SP2010 site since we aren't using both kinds of authentication in SP2010.  
 

Additional Details:

  App Pool:  Integrated

  App Pool Identity: Domain service account

 

WebSite:

Sharepoint2010 using Forms (re-direct based) Authentication

  .NET 2.0

  .NET 2.0

  Content (virtual directory) (challenge-based authentication)

 

On the one hand we're not seeing any funcitonal or performance issues in the website.  On the other we'd like a better understanding of what this alert is and whether it ought to be a concern.  For example, is it signaling doom?  or is it just simply "alerting"?

 

Thanks in advance.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
TI2HeavenCommented:
You are right to ask yourself why.
I am trying to check if your sentence:
We're only seeing this in IIS manager.  The site is SharePoint 2010 with some non-sharepoint sites running in the same web site.
Could be the reason of the event. Non-SharePoint sites running in the same site?
Maybe those non-SharePoint sites requires different authentication…..
0
 
TI2HeavenCommented:
hello?
0
 
RoadhouseBluesAuthor Commented:
Hi,

The configuration of the site is virtually the same as in 2007.  The only difference is the claims-based authentication of 2010 (and IIS7).  

Our functional testing of the system has turned up no issues.  Our guess is the addition of claims-based authentication is what is causing the alert to display in IIS7.  We're trying to determine if this is something to be concerned about.  We could (I'm assuming) make some changes to the deployment until this alert disappeared (but if its not warranted we'd prefer to avoid this step).

We're just trying to find out what causes this alert, and whether it is critical or benign.

Does that help to clarify?

Thanks again for your assistance.
0
 
RoadhouseBluesAuthor Commented:
OK, Thanks again for your time.  

I'll leave this open for another week and see if we can advance our knowledge further.  If not, I'll close it then.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.