Today I had a client with a problem with one of my web applications. The application consists of a user interface with a back-end web service to grab data from the database.
The web service is called both on the server and using web service behaviour from the client.
They could browse and use the application on one server, but on a second server there were various unauthorised messages when trying to contact the web service.
Turns out there were a few things coming into play. Firstly there is a DNS entry for the application and IIS is set up to use a host header. Second, the server that doesn't work is using Windows 2003 SP1, the server that works hasn't been service packed.
Turn's out there is a known problem with SP1 and Loopback addresses:
http://support.microsoft.com/?kbid=896861.
Interestingly I had another problem at a different client where I couldn't browse to an application on the server on which it was intstalled. Again it was using a host header entry and applying the fix above resolved that problem too.