IE8 unable to authenticate to local wesite with Windows Authentication

IE8 cannot authenticate to a website on the same machine when the website is accessed using a host header bound to the loopback IP (either 127.0.0.1 or ::1). This often happens in development situations such as a local SharePoint instance, where sites are created using different host headers. The IIS log indicates that IIS challenged with 401 response, but the client (IE) never sends the user crendential. If the site is accessed from a different machine (by giving an entry in the hosts file of that machine), it can access the website without problem.

This is a problem caused by a Windows seucirty update for loopback check that's meant to prevent reflection attacks. To fix it, disable the loopback check by editing the registry:

1. go to HKLM\SYSTEM\CurrentControlSet\Control\Lsa
2. Add a new DWORD named DisableLoopbackCheck
3. Set the value to 1
4. Reboot.

For more info, go to MSFT http://support.microsoft.com/kb/896861

Also see http://serverfault.com/questions/32345/ie-8-authentication-denied-on-local-sharepoint-site