Hello, everyone.
I am trying to implement both windows and forms authentication in a ASP.NET web application by following the instructions from this article. The idea is to enable Windows auth only on a single page, while the rest of the application works under Forms auth. This scheme works in all browsers except Internet Explorer (and Edge). The problem is that Internet Explorer uses an optimization technique called NTLM Pre-auth, which means Internet Explorer will periodically send an empty (does not contain request body) handshake request instead of a normal request, assuming that IIS will complete a handshake. However, since Windows auth is actually disabled in IIS, IIS just delegates a handshake request to a corresponding web service or web page, and that usually results in a 500 status code response due to server exception (because of empty request body). It seems that after encountering any resource with Windows auth Internet Explorer presumes that all other resources of that web site also support Windows authentication. It is possible to disable this IE optimization in a Windows registry, or disable kernel mode auth in IIS but I wonder if there are any other workarounds.