IIS Binding with windows authentication

Question

I have a local website (http://localhost/testsite) with Windows Authentication, that works well.

Now I changed the binding of the site to an URL (http://testsite.blablab

Answer 1

Windows has a security feature for doing loopback checks, which is designed to help prevent reflection attacks on your computer.

When you use a custom host header to browse a local web site that is hosted on a computer running IIS you will receive this error message if the web site uses Windows authentication and has a name that is mapped to the local loopback address.

There are two methods to work around this issue:

1) Specify host names, or

2) Disable the loopback check

Microsoft KB Article ID: 896861