I stood up a development that featured both Commerce Server 2007 and SharePoint 2010. Within the environment, there is a public site and a private site. The SharePoint public site authenticates with a custom provider for Commerce Server 2007. The SharePoint private site uses windows authentication. Once the public site loaded correctly, I was greeted by the below Authentication Failed Exception on the private site. You can see from the screenshot below that it’s not pretty.
Unfortunately, the stack trace here doesn’t provide too much direction.
I checked the Event Viewer to try glean some useful information. I found the following event.
This only offered misdirection and confusion as it referenced the Commerce Server in the stack trace, which couldn’t be the case since this site used Windows Authentication. The solution came down to the aspnet:AllowAnonymousImpersonation setting, which was configured to true. Once it was modified to false, the site came up as desired. Below is the working configuration.