I am trying to use the tomcat security constraints "behind" an IIS web server. I know tomcat and the ISAPI filter are working. Also, Tomcat authorization is working bypassing IIS using port 8080. When I try to reach the exactly same application through IIS (port 80) I get the user validation dialog box and after I try to login with a valid user and password I get HTTP 401.1 - Unauthorized: Logon Failed. TIA, Felipe