I just found something counter intuitive, maybe someone here could explain why things work this way. If you have both IWA (Integrated Windows Authentication) and BA (Basic Authentication) checked in IIS, Firefox will not work authentication (unless you force it to use NTLMv1), it prompts fo a password but never works. However, if only BA is checked it will work. You would think that between IIS and Firefox it would negotiate to use BA if it was checked in IIS, but that does not seem to be the case. To cut to the chase, out of the box Firefox only seem to work if IWA is not checked off in IIS. Anyone know why this is? Before anyone asks, yes I know to force SSL if BA is used. Thanks.