This one annoyed me for longer than I wish to share… If you are having problems using Windows Authentication on IIS (in particular with the ADFS 2.0 passive federation) where you can login fine with Internet Explorer but Google Chrome simply repeats asking for your login and password then this is for you! IIS has a new feature called “Extended Protection” for Windows Authentication. The appears to have an affect on Chrome but not IE, therefore to disable it do the following:

  1. Logon to the system which is hosting your web site
  2. Launch IIS Manager and navigate to the Virtual Directory (make sure you change this for your Virtual Directory not just the root of the web application)
  3. Select the “Authentication” feature
  4. Select “Windows Authentication”
  5. On the right hand task pane you should now see “Advanced Settings…”, select this
  6. Change or make sure that “Extended Protection” is off

After you complete the above Chrome should now allow you to enter your login details just the once!

Note: You can also change the ADFS 2.0 login type by editing the web.config under the “ls” virtual directory to forms if you prefer.