I modified this sample app (https://github.com/dotnet/AspNetCore.Docs/tree/main/aspnetcore/fundamentals/servers/httpsys/samples/8.x/SampleApp) such that:

line 14 in Program.cs now reads:
(before): options.Authentication.Schemes = AuthenticationSchemes.None;
(after): options.Authentication.Schemes = AuthenticationSchemes.NTLM;

line 17 in Program.cs now reads:
(before): options.Authentication.AllowAnonymous = true;
(after): options.Authentication.AllowAnonymous = false;

line 20 in Program.cs now reads:
(before): options.UrlPrefixes.Add("http://localhost:5005");
(after): options.UrlPrefixes.Add("http://localhost:80");

Windows authentication works for localhost and port 5005, the sample project builds and runs and the index page renders without prompting for username/password. User.Identity.Name contains the logged in username and the domain to which the user is logged in.

I then proceed to apply the final change:

line 20 in Program.cs now reads:
(before): options.UrlPrefixes.Add("http://localhost:5005");
(after): options.UrlPrefixes.Add("http://127.0.0.1:80");

After applying the changes listed above, the project builds and runs, but the browser presents the built-in login prompt, asking for a username/password.

I have added 2 URL reservation entries and the command “netsh http show urlacl” outputs the following:

Reserved URL            : http://localhost:80/
        User: Everyone
            Listen: Yes
            Delegate: No
            SDDL: D:(A;;GX;;;WD)

Reserved URL            : http://127.0.0.1:80/
        User: Everyone
            Listen: Yes
            Delegate: No
            SDDL: D:(A;;GX;;;WD)

What am I missing? Why does this stop working when I apply the changes above?