Windows Authentication & Active Directory integration on IIS — running on lab.local
Click any protected link above. Your browser will show a Windows credentials popup. Enter:
Username: lab.local\labuser1 Password: LabApp123!
If no popup appears, the browser may have tried and failed silently. Open the URL in an InPrivate/Incognito window to force a fresh prompt.
Use --ntlm (or --negotiate for Kerberos) with the AD credentials:
RDP as a domain user (lab.local\labuser1) — then open a browser on the VM. IIS recognises the logged-in Windows session automatically (Kerberos SSO, no popup).
LabApp123!LabApp123!LabApp123!401 Unauthorizedlab.local\labuser1 / LabApp123! (browser popup or curl --ntlm) → response shows your Windows identity and group memberships200 OK (labuser1 is in LabAppUsers)403 Forbidden (labuser1 is NOT in LabAppAdmins)Add-ADGroupMember -Identity LabAppAdmins -Members labuser1200 OKWindowsPrincipal → [Authorize(Roles="LabAppAdmins")]