Try setting your authorization to <allow users="?"/>
and leave the authentication in there as it is. If that makes everything work, then the fix would be to set allow access to the folder they need for things to work, and the rest is then authenticated. It's also possible your deny also needs an allow for authenticated. (Not sure if you need both...) It can be fiddly to get working right. Security is that thing you turn on that breaks everything. :) http://stackoverflow.com/questions/10351075/allow-anonymous-authentication-for-a-single-folder-in-web-config [https://cdn.sstatic.net/Sites/stackoverflow/img/apple-touch-i...@2.png?v=73d79a89bded]<http://stackoverflow.com/questions/10351075/allow-anonymous-authentication-for-a-single-folder-in-web-config> asp.net - Allow anonymous authentication for a single ...<http://stackoverflow.com/questions/10351075/allow-anonymous-authentication-for-a-single-folder-in-web-config> stackoverflow.com So here is the scenario, I have an Asp.Net application that is using a custom authentication & membership provider but we need to allow completely ... ________________________________ From: ozdotnet-boun...@ozdotnet.com <ozdotnet-boun...@ozdotnet.com> on behalf of Tony Wright <tonyw...@gmail.com> Sent: Monday, 1 May 2017 7:43:23 AM To: ozDotNet Subject: Re: Angular 4 under windows authentication Yea I'm pretty certain it's security, but I thought it would be a bit drastic to set files to anonymous access. The interesting thing is that scripts are loading, just not through systemjs (which is the default module loader for new Angular). I'm not sure what context systemjs is running under, or why it's not seeing other files when it should already be authenticated. The whole of my index.html file has been moved into an index.cshtml file to support windows authentication under iis. Just thinking this through, it is probably acceptable to have all the script and html files as anonymously accessible, as it is at the webapi controller that we truly need to lock down security. Does that make sense? I thought it would have problems authenticating against webapi if I did it that way! (FYI, I'm using dot net framework 4 for this one, as it supports the EF canvas.) On Mon, May 1, 2017 at 9:26 AM, Stephen Price <step...@lythixdesigns.com<mailto:step...@lythixdesigns.com>> wrote: Hi Tony, I did a bit of this kind of troubleshooting last year. I had to set up anonymous access for one service and authenicated on the rest. I ended up setting that in the web.config file at the IIS level. You can specify the files/permissions there. Have you tried seeing what errors are returned using fiddler? Might help you. It could be that you need to allow anonymous access to something... Not looked at your site, am on my phone but it does sound permission related given it all works anonymous Cheers On 1 May 2017 7:12 am, Tony Wright <tonyw...@gmail.com<mailto:tonyw...@gmail.com>> wrote: Hey all, I currently have an angular 4 app (same as 2) running successfully with anonymous authentication. I am now trying to get it to work with windows authentication for an intranet application. It is unable to use the SystemJs loader at the moment. I've managed to get past the unauthorised problem, but it is complaining about the requirejs include being missing (it's there.) The exact error message is: Uncaught Error: Module name "@angular/platform-browser-dynamic" has not been loaded yet for context: _. Use require([]) http://requirejs.org/docs/errors.html#notloaded<http://requirejs.org/docs/errors.html#notloaded> at F (require.js:7) [<root>] at Object.m [as require] (require.js:26) [<root>] at requirejs (require.js:32) [<root>] at :1264/app/main.js:2:34 [<root>] I have put more details up on stackoverflow, including a link to my demo app. http://stackoverflow.com/questions/43696548/systemjs-not-working-with-windows-authentication-and-typescript-in-angular4 My demo app may be found here: https://bitbucket.org/tonywr7/angular2vs2015 (the name may be a bit confusing - its actually an angular 4 app I'm running under VS2017 enterprise. Serves me right for putting technology versions in the solution name!) Does anyone have any ideas on how to get around this? Kind regards, Tony