I ran into a bit of a issue today at a client with Windows Authentication and WCF services (it seems like a very common problem) where I was using a host header in IIS to test a web application I was working on. To do this, I added an entry to the hosts file in %windir%\system32\drivers\etc to map the custom host name (e.g. testapp.com) to

Accessing the web application worked fine, but trying to access the WCF services hosted under IIS (also using Windows Authentication) kept prompting the login dialog and then eventually failing with the dreaded 401.1 - Unauthorized

Adrian Foyn pointed me to a registry hack to enable loopbacks by setting the registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\DisableLoopbackCheck = 1

This didn’t work for me but going from that I found a Microsoft KB article describing the problem and solution. Essentially, you have to add a registry key to let the system know what other DNS names are redirecting back to local host.

The fix is:


  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  2. Add a new Multi-String Value called BackConnectionHostNames
  3. Enter you custom host name 
  4. Restart IIS

Then we’re back in business