Browsing to certain AD FS 2.0 resources results in an authentication prompt instead of the expected anonymous access.
The problem lies in IIS, but it can be caused by different conditions:
1. Authentication settings on /adfs/ls/
2. Settings from web.config
<deny users="?" />
The users attribute of the <deny> tag can have any value, such as "?", "*", or specific user names.
"?" - means all anonymous users are denied access.
"*" - means all users are denied access.
1. Revert the IIS authentication settings to their defaults: /adfs/ should have Anonymous only, and /adfs/ls/ should have Anonymous and Windows.
2. Edit or remove web.config files containing authorization settings which block anonymous access.
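An added example for step 2, not part of the original article: a PowerShell function that searches a directory tree for web.config files and reports every <deny> rule whose users value contains "?" or "*". The function name and the root path are assumptions; pass the physical path of your own /adfs/ application.

```powershell
# Added example, not from the original article.
# $Root is an assumption: pass the physical path of your own /adfs/ application.
function Find-AnonymousDenyRule {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Root
    )

    Get-ChildItem -Path $Root -Filter 'web.config' -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $file = $_.FullName
            $xml = New-Object System.Xml.XmlDocument
            try {
                $xml.Load($file)
            }
            catch {
                Write-Warning "Cannot parse ${file}: $($_.Exception.Message)"
                return   # skip this file, continue with the next one
            }

            # local-name() keeps the query working when <configuration> declares
            # an xmlns; rules nested inside <location> elements are matched too.
            $query = "//*[local-name()='authorization']/*[local-name()='deny'][@users]"
            foreach ($node in $xml.SelectNodes($query)) {
                # users is a comma-separated list, e.g. "?" or "*" or "DOMAIN\user"
                $users = @($node.GetAttribute('users') -split ',' |
                    ForEach-Object { $_.Trim() })

                if ($users -contains '*') {
                    $effect = 'all users denied'
                }
                elseif ($users -contains '?') {
                    $effect = 'anonymous users denied'
                }
                else {
                    continue   # only named users are denied; anonymous access is unaffected
                }

                New-Object PSObject -Property @{
                    File   = $file
                    Users  = $node.GetAttribute('users')
                    Effect = $effect
                }
            }
        }
}

# Usage (placeholder path): Find-AnonymousDenyRule -Root 'X:\path\to\adfs' | Format-List
```

The function only reads the files; each reported rule still has to be edited or removed by hand as described in step 2.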