IIS7 kernel-mode authentication

This appears to be undocumented.

By default, IIS7 uses kernel-mode authentication, which happens to have a large performance benefit.  There is a bug in kernel-mode authentication where requests that send credentials will fail unless an anonymous request has been made first.  Once an anonymous request has been made, requests that send credentials will succeed (if the authentication is successful).  This isn’t a problem for browsers, which send an anonymous request first and only send credentials when challenged, but it is often a problem for clients that send credentials on the initial request.  If you find that an HTTP client that you wrote fails on IIS7, you can confirm that this is the cause by disabling kernel-mode authentication with the following command:

%windir%\system32\inetsrv\appcmd set config /section:windowsAuthentication /useKernelMode:false

-Thomas
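
The confirmation step above can be wrapped so that kernel-mode authentication is switched back on afterwards, whatever happens during the test. This is an added example, not part of the original post. It assumes an elevated PowerShell prompt on the IIS server and that the server started at the default (kernel mode on); `Set-KernelModeAuth` is a hypothetical helper name.

```powershell
# Added example: wraps the post's appcmd command so the setting is restored
# after the test. Run from an elevated PowerShell prompt on the IIS server.
$appcmd = Join-Path $env:windir 'system32\inetsrv\appcmd.exe'

# Hypothetical helper: sets useKernelMode and stops if appcmd reports an error.
function Set-KernelModeAuth([bool]$Enabled) {
    $value = $Enabled.ToString().ToLower()
    & $appcmd set config /section:windowsAuthentication "/useKernelMode:$value"
    if ($LASTEXITCODE -ne 0) {
        throw "appcmd failed (exit code $LASTEXITCODE) setting useKernelMode=$value"
    }
}

# Show the section as currently configured, for the record.
& $appcmd list config /section:windowsAuthentication

Set-KernelModeAuth -Enabled $false
try {
    # If the client now succeeds on its first request, the kernel-mode
    # behaviour described in the post is the cause of the failure.
    Read-Host 'Kernel-mode authentication is off. Re-run the failing client, then press Enter'
}
finally {
    # Assumption: the server was at the default (kernel mode on) before the test.
    Set-KernelModeAuth -Enabled $true
    & $appcmd list config /section:windowsAuthentication
}
```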