IIS express applicationhost.config security is reset every time a solutions is opened in VS2012

Question

I have an MVC4 application been developed in VS2012 that uses forms authentication.

[authentication mode="Forms"]
  [forms loginUrl="~/Account/Login" timeout="2880" /]
[/authentication]

It's using the default IIS 8.0 Express.

Every time I open and run the app from within the VS I got the message:

HTTP Error 401.2 - Unauthorized

You are not authorized to view this page due to invalid authentication headers.

I found out that to avoid this screen I have to change to 'true' the anonymousAuthentication and windowsAuthentication keys of the Security section of the applicationhost.config file at the [User Documents]\IISExpress\config folder to:

[system.webServer]
  [security]
    [authentication]
      [anonymousAuthentication enabled="true" /]
      [windowsAuthentication enabled="true" /]
    [/authentication]
  [/security]
[/system.webServer]

But every time I reopen the solution in VS the keys are reset to false.

How can I make then permanently set to true?

I've tried to put those key in the application's web.config but then I receive the message:

HTTP Error 500.19 - Internal Server Error

The requested page cannot be accessed because the related configuration data for the page is invalid.

Any help folks?

You saved my day! I was giving up with IIS express and your comment about applicationhost.config solved my problem. — eddo, Aug 24 '12 at 12:26

eddo · Accepted Answer · 2012-08-25T18:38:40.563

17

If the problem is that Visual Studio updates the two settings in the applicationhost.config when opening the solution, you can solve it by selecting the Project in the Solution Explorer, view the Properties pane (available when you're not in debug mode) and set to Enabled the two items Anonymous Authentication and Windows Authentication.

By the way, in my case the parameter generating the 401.2 error was just Anonymous Authentication, you might want to try to leave the default one for Windows Authentication.

(PS, your post solved the problem for the 401.2 and really saved my day so many thanks for it!)

edited Aug 25 '12 at 18:38

answered Aug 24 '12 at 12:46

eddo

2,094
1
25
31

2

I can't believe they are now hiding settings in the (collapsed by default) properties window. Sure we know the side properties window for design views, but never for projects and solutions, just project items perhaps. This seems to catch a lot of people out. We expect all settings to do with the web server to be on the "Web" tab of the main properties screen (not the properties tool window). Have to be more aware of this now with Visual Studio 2012. That was a bad design change in my opinion; half the settings here, half the settings there... Anyway thanks! – Tony Wall Jan 25 '13 at 09:52

score 2 · Answer 2 · edited May 23 '17 at 12:32

2

You can edit IIS authentification modes by changing

iis properties in \My Documents\IISExpress\config\applicationhost.config
project properties in visual studio

The second option is your answer.

A full answer with screenshots is already on stackoverflow : https://stackoverflow.com/a/7168308/2988788

edited May 23 '17 at 12:32

Community

1
1

answered Nov 15 '13 at 14:00

jbigman

1,200
11
24

score 0 · Answer 3 · answered Dec 12 '14 at 03:04

0

You can usually use your windows account with your domain being your pc name and your windows account/password. For example pc-name\username also adding IISUSR as an account on your security settings.

answered Dec 12 '14 at 03:04

sandman007

43
1
10

IIS express applicationhost.config security is reset every time a solutions is opened in VS2012

3 Answers3

Linked