Browsing to certain AD FS 2.0 resources results in an
authentication prompt rather than being allowed the expected
The problem lies in IIS, but can manifest due to different conditions:
1. Authentication settings on /adfs/ls/
2. Settings from web.config
<deny users="?" />
The <deny users> tag can have any value, such as "?", "*", or specific user names.
"?" - means all anonymous users are denied access.
"*" - means all users are denied access.
1. Revert IIS authentication settings back to default. /adfs/ should have Anonymous only. /adfs/ls/ should have Anonymous and Windows.
2. Edit or remove web.config files containing authorization settings which block anonymous access.