If you are developing an ASP .NET website that uses Windows Authentication and add a host header in IIS to the ASP .NET web application, accessing the site on the local box, might not work. Windows Authentication will fail if the loopback check is not disabled. By default, loopback check functionality is turned on in Windows Server 2003 SP1 and later. So if you add an entry to the Windows hosts file, found in [C:\Windows\System32\drivers\etc], like:     dev.com

And access the ASP .NET web application on the local box, by using the hostheader: http://dev.com/MyWebApplicaiton/Default.aspx make sure the loopback check is disabled:


  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Right-click Lsa, point to New, and then click DWORD Value.
  4. Type DisableLoopbackCheck, and then press ENTER.
  5. Right-click DisableLoopbackCheck, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Exit Registry Editor.
  8. Restart the computer. Note You must restart the server for this change to take effect



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.