Authenticating to IIS when using Host Headers

Instead of hosting local development sites with different ports or as sub webs of the default root app, I choose to run all of my development sites as unique sites. I use host header strings to determine which site is hit without requiring unique ports for each.

Most of the time this works fine - except when you want to authenticate. Normally, IIS does not allow NTLM requests when the domains differ. In order to allow authentication to work on a site that uses host headers, perform the following actions:

  1. Open regedit (Win+R, type regedit and hit enter)
  2. Navigate to HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0
  3. Add a new multi-string value in the right-hand pane named: BackConnectionHostNames
  4. Right-click the new multi-string value and enter the hostname you're using in the dialog.
  5. Restart your machine

Labels: