Authentication issue when debugging in VS2013 - iis express

Question

I'm trying to pick up the windows username when debugging in Visual Studio 2013. I am simply using:

httpcontext.current.user.identity.name

If I run this on my Dev Server it works fine, if I run it in debug mode on any previous version of Visual Studio it also works fine.

My problems is - If i run this on visual studio 2013 I get an empty string.

My web config is as follows.

<system.web>
    <authentication mode="Windows"/>
    <identity impersonate="false"/>
    <authorization>
       <allow users="*"/>
    </authorization>
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0"/>
    <customErrors mode="Off"/>
</system.web>

score 216 · Answer 1 · answered Dec 31 '13 at 11:58

216

I had just upgraded to VS 2013 from VS 2012 and the current user identity (HttpContext.User.Identity) was coming through as anonymous.

I tried changing the IIS express applicationhost.config, no difference.

The solution was to look at the properties of the web project, hit F4 to get the project properties when you have the top level of the project selected. Do not right click on the project and select properties, this is something entirely different.

Change Anonymous Authentication to be Disabled and Windows Authentication to be Enabled.

Works like gravy :)

answered Dec 31 '13 at 11:58

Toby Simmerling

2,228
1
11
6

10

Thanks for that one. I cannot believe they have added that as an 'enhancement'. That is what web.config is for. Now we can't trust what we see in web.config. Brilliant. – trucker_jim Feb 28 '14 at 12:04
4

I believe this is a better approach than the accepted answer, as it wouldn't affect other application running on the IIS Express. – niaher Apr 18 '14 at 08:26
Thanks a bunch. That did it for me as well! Was a Visual Studio 2008 Project I upgraded to Visual Studio 2013. – Rob K. Jul 28 '14 at 19:38
In VS 2012 I used: "Use Visual Studio Development Server". So an upgrade and this worked. Even though it now runs IIS Express. – Thomas Koelle Sep 22 '14 at 13:42
This one should be the accepted answer, if you've just upgraded to VS 2013. – Nishant Dec 15 '14 at 21:58
If the option is greyed out then you need to go and change your \\mydocuments\IISExpress\config file to allow changes or just change it there (will affect all projects though) – Ravendarksky Mar 03 '16 at 18:36
I had a project that was created before this was added. It is set up to have Anonymous Authentication and Windows Authentication Enabled and it works. A new project set up the same way defaulted to Anonymous Authentication. So be careful of existing projects. – Nate Dec 23 '16 at 22:45
Note that this setting is machine-specific and not saved in the .csproj file as you would expect when changing something called "properties" of a project. – Chris Mar 06 '18 at 08:40

score 130 · Accepted Answer · edited Dec 26 '17 at 18:44

130

As I was researching this I found my answer, but can't find the answer on the internet, so I thought I'd share this:

I fixed my issue by modifying my applicationhost.config file. My file was saved in the "\My Documents\IISExpress\config" folder.

It seems that VS2013 was ignoring my web.config file and applying different authentication methods.

I had to modify this portion of the file to look like the below. In truth, I only modified the anonymousAuthentication to be false and the windowsAuthentication mode to true.

<authentication>

  <anonymousAuthentication enabled="false" userName="" />

  <basicAuthentication enabled="false" />

  <clientCertificateMappingAuthentication enabled="false" />

  <digestAuthentication enabled="false" />

  <iisClientCertificateMappingAuthentication enabled="false">
  </iisClientCertificateMappingAuthentication>

  <windowsAuthentication enabled="true">
    <providers>
      <add value="Negotiate" />
      <add value="NTLM" />
    </providers>
  </windowsAuthentication>

</authentication>

edited Dec 26 '17 at 18:44

KyleMit

30,350
66
462
664

answered Oct 22 '13 at 10:54

Neil Watson

2,801
3
18
20

2

I had to do this to get debugging in VS2013 using IIS Express to work reliably. Without this, seemed to work OK once, then 401 thereafter. (1) Is there an AppCmd command that would change the applicationhost.config file, and (2), F4 on the Web Project lets me switch Anonymous Auth off and Windows Auth on. Doing that in VS2012 worked fine, in VS2013 does not produce a 401 free dev environment. – IanT8 Nov 04 '13 at 01:27
4

@Neil, you saved my day. BTW: It is not necessary to turn off `anonymousAuthentication`. It is sufficient to turn on `windowsAuthentication`. These settings control what authentication mechanisms the web sites are allowed to use. – chiccodoro Feb 11 '14 at 16:22
+1 as well...been trying to solve this nagging issue for a while with my local IISExpress isntance – Jeff Lewis May 30 '14 at 20:23
Ah, THAT's how to do it. Genius. Thanks for this tip, really useful ! – Mike Gledhill Aug 15 '14 at 09:14
1

I had to remove the "Negotiate" to be able to test a webservice call (with WSE3) without getting a 401. – Wolf5 Dec 02 '14 at 17:11
Bizarre... I found the issue to happen with TFS and windows auth – pat capozzi Dec 11 '14 at 18:04
ALSO. You might want to check that in the Properties Pane in VS2013 for your web project, that you have "anonymous authentication" disabled, and "windows authentication" enabled. I had to do this to get it to work. – askrich Jan 28 '15 at 09:03
Anyone using this should bear in mind it will change all applications using IIS express, not just the application you are working on. – Toby Simmerling Jul 24 '15 at 12:37
So this got me to where I needed to get. I made the change above. I also needed to change this : "
".............Now for future readers. I already had set these in my file : C:\Users\MyUserName\Documents\IISExpress\config\applicationhost.config VS 2015 throws in a NEW FILE !! (SlnRoot)\.vs\config\applicationhost.config SlnRoot is the directory were your .sln resides. (This is my own made up abbrevation, not an official one) Make sure you update .vs\config\applicationhost.config for VS2015 solutions !! – granadaCoder Aug 22 '16 at 13:05

ThaNet · Answer 3 · 2017-06-08T18:34:42.723

41

In Visual Studio 2013 AND VS15 (but i guess if the same for all other version) just press F4 and change this two properties: -Anonymous Authentication: Disable -Windows Authentication: Enable

edited Jun 08 '17 at 18:34

answered Feb 17 '14 at 19:04

ThaNet

597
11
19

1

Thanks for that one. I cannot believe they have added that as an 'enhancement'. That is what web.config is for. Now we can't trust what we see in web.config. Brilliant. – trucker_jim Feb 28 '14 at 12:03
1

You just saved me from a rollback to Visual Studio 2010! – Julien P May 15 '14 at 09:02
2

Cant believe this was not #1 questio/answer out of all these SO posts those keep on talking about IIS settings – Lost Oct 23 '15 at 17:03

score 38 · Answer 4 · answered Dec 11 '13 at 13:28

38

In VS2013 F4 on your project to view properties window and disable Anonymous access and enable "Windows authentication"

Then it will work. No need to change anything else

answered Dec 11 '13 at 13:28

James Pressley

399
3
2

Frustratingly, this option exists when you want to debug a web project, but doesn't exist for Service projects. Grrrr... – Mike Gledhill Nov 14 '14 at 11:16

score 9 · Answer 5 · answered Sep 02 '15 at 19:43

9

VS 2015 changes this. It added a .vs folder to my web project and the applicationhost.config was in there. I made the changes suggested (window authentication = true, anon=false) and it started delivering a username instead of a blank.

answered Sep 02 '15 at 19:43

Tom McDonald

1,532
2
18
37

score 8 · Answer 6 · answered Oct 22 '13 at 13:43

Open up the applicationHost.config file located in the C:\Users[userid]\Documents\IISExpress\config folder. Inside this file change the overrideModeDefault of anonymousAthentication and windowsAuthentication to "Allow"

 <sectionGroup name="security">
                <section name="access" overrideModeDefault="Deny" />
                <section name="applicationDependencies" overrideModeDefault="Deny" />
                <sectionGroup name="authentication">
                    <section name="anonymousAuthentication" overrideModeDefault="Allow" />
                    <section name="basicAuthentication" overrideModeDefault="Deny" />
                    <section name="clientCertificateMappingAuthentication" overrideModeDefault="Deny" />
                    <section name="digestAuthentication" overrideModeDefault="Deny" />
                    <section name="iisClientCertificateMappingAuthentication" overrideModeDefault="Deny" />
                    <section name="windowsAuthentication" overrideModeDefault="Allow" />
                </sectionGroup>

Next change lockItem to be "false" for AnonymousAuthenticationModule and WindowsAuthenticationModule

  <system.webServer>
            <modules>
                <!--
                <add name="HttpCacheModule" lockItem="true" />
-->
                <add name="DynamicCompressionModule" lockItem="true" />
                <add name="StaticCompressionModule" lockItem="true" />
                <add name="DefaultDocumentModule" lockItem="true" />
                <add name="DirectoryListingModule" lockItem="true" />
                <add name="IsapiFilterModule" lockItem="true" />
                <add name="ProtocolSupportModule" lockItem="true" />
                <add name="HttpRedirectionModule" lockItem="true" />
                <add name="ServerSideIncludeModule" lockItem="true" />
                <add name="StaticFileModule" lockItem="true" />
                <add name="AnonymousAuthenticationModule" lockItem="false" />
                <add name="CertificateMappingAuthenticationModule" lockItem="true" />
                <add name="UrlAuthorizationModule" lockItem="true" />
                <add name="BasicAuthenticationModule" lockItem="true" />
                <add name="WindowsAuthenticationModule" lockItem="false" />

Making these changes will allow the existing web config settings to override what is in the applicationHost file for IIS Express.

These changes plus a logoff worked for me. Something is cached, because stopping IIS Express from the notification icon and restarting VS doesn't work. This error is really annoying, it occurs every few months or half year when a new VM or developer PC is built. It always causes up to half a day lost, messing around with settings. The problem is although these settings should fix it immediately, it doesn't and after playing around it suddenly works, very strange and I don't like that. A logoff is then recommended. Next time it happens I'll try to isolate, but this is a very annoying default. — Tony Wall, Mar 31 '16 at 09:24

score 6 · Answer 7 · answered Mar 31 '14 at 23:34

You could also modify the project properties for your web project, choose "Web" from left tabs, then change the Servers drop down to "Local IIS". Create a new virtual directory and use IIS manager to setup your site/app pool as desired.

I prefer this method, as you would typically have a local IIS v-directory (or site) to test locally. You won't affect any other sites this way either.

Web Project Properties

score 1 · Answer 8 · answered Apr 01 '15 at 18:16

It appears that the right answer is provided by user3149240 above. However, As Neil Watson pointed out, the applicationhost.config file is at play here.

The changes can actually be made in the VS Property pane or in the file albeit in a different spot. Near the bottom of the applicationhost.config file is a set of location elements. Each app for IIS Express seems to have one of these. Changing the settings in the UI updates this section of the file. So, you can either change the settings through the UI or modify this file.

Here is an example with anonymous auth off and Windows auth on:

<location path="MyApp">
    <system.webServer>
        <security>
            <authentication>
                <windowsAuthentication enabled="true" />
                <anonymousAuthentication enabled="false" />
            </authentication>
        </security>
    </system.webServer>
</location>

This is equivalent in the VS UI to:

Anonymous Authentication: Disabled
Windows Authentication: Enabled

In the current VS this does not work, it will always say it is locked even when the applicationhost.config modules have been unlocked in both user documents and solution .vs/config paths. Also it is not true this is the only place, the settings from the properties window are actually stored in the VS web project's XML. But it doesn't matter because changing them also doesn't help, the applicationhost always overrides. A logoff was necessary to get those changes to work, that's all. — Tony Wall, Mar 31 '16 at 09:21

score 1 · Answer 9 · answered Feb 18 '19 at 16:12

1

F4 doesn't always bring me to this panel. Besides, it is often said that a picture is worth a thousand words.

answered Feb 18 '19 at 16:12

Weihui Guo

3,669
5
34
56

Authentication issue when debugging in VS2013 - iis express

9 Answers9

Linked

Related