I have an ASP .NET MVC 5 site that uses Windows Authentication. The main page just displays the current Identity name (Controller.User.Identity.Name) for testing purposes.
After deploying the website to the server (Windows Server 2012) and enabling Windows Authentication on IIS I visit the page going directly to the server. It prompts for credentials, I provide my AD username/password once and it works. So far so good.
Now, if I have the same server behind an AWS Elastic Load Balancer (only that one server) and I hit the site on the load balancer I noticed two issues:
- The page prompts many times for credentials. After clicking OK several times it works.
- I had a colleague login on his machine (he had to click several times too), then I went back to my computer. When I visited the url it didn’t prompt. It worked right away and it said the current user was my colleague.
This is very strange. Almost like the Kerberos ticket is getting lost or confused because of the load balancer. I tried this and step 4 from here, still no luck.
According to this blog post, ELB will work if you switch it to TCP mode: