4

At work we were forced into a hardware refresh where we went from a Windows 7 box with VS 2013 and IIS Express 6 to a Windows 10 box with VS 2017 and IIS Express 10. The problem is that Windows Authentication refuses to work. I get a 401.2 - Unauthorized with the explanation of "Invalid Authentication Headers".

I've checked the web.config and the properties for the web project and they are correct. I've modified the applicationhost.config file in the .vs folder in the project to enable windows authentication. I even checked the permissions of the files to make sure authenticated users had the right permissions. None of this has worked.

This all worked fine in IIS Express 6. What did Microsoft change in IIS Express 10 that screws this all up?

Edit: have to manually type this stuff in, since I can't move code from the dev machine.

web.config:

<system.web>
  <customErrors mode="off"/>
  <compilation debug="true" targetFramework="4.5.1" />
  <httpRuntime targetFramework="4.5" />
  <authentication mode="Windows" />
  <authorization>
     <allow users="*" />
  </authorization>
</system.web>

If you want any other sections of the web.config, ask me.

As for ApplicationHost.config, it is basically whatever VS2017 creates, since this is a fresh machine and there wasn't an existing one with the project. Changes I tried making:

<windowsAuthentication enabled="true">   

<anonymousAuthentication enabled="false" userName="">   

<section name="windowsAuthentication" overrideModeDefault="allow">

One additional datapoint: The application runs on Firefox. I can log on fine to our test servers, running IIS 8.5, but can't access the application on IIS Express.

I've since created a new MVC application and just ran that. It runs fine in IE, but it won't authenticate users from Firefox and Edge.

Edit: Found out that Edge doesn't support Windows Authentication on localhost: https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/4776775/

Still need to get it to work with Firefox.

Edit again: So, I think I know what is going on. I have two user accounts: the regular user account and an admin account with more privileges. What I did under Windows 7 was that while I logged into my regular account, I ran VS under my admin account. Then I could run my web application and log into the web site with my admin account. This doesn't seem to work anymore. The only way I could get my application to work is to run it all under my admin account. Otherwise, Windows authentication won't work. Security-wise, this is broken as hell and I'd like to find a better solution.

Jason B
  • 73
  • 2
  • 7
  • There are only IIS 7/8/10 Express. What's the edition of your Windows 10 machine? – Lex Li Aug 10 '18 at 16:15
  • It was whatever IIS Express came with VS 2013. Windows is Windows 10 Enterprise. – Jason B Aug 10 '18 at 16:24
  • Not sure if your edit is correct. Can you use a tool like Jexus Manager to review? https://www.jexusmanager.com/getting-started/features.html – Lex Li Aug 10 '18 at 16:26
  • No, I can't. Unfortunately, my dev machine is on its own network and I don't have the ability to move software onto it. – Jason B Aug 10 '18 at 16:34
  • Then you would have to post your configuration files as part of your question. I don't think you hit something special, as others do have IIS 10 Express working as expected. – Lex Li Aug 10 '18 at 16:37
  • Updated. Next step may be to create a web project in 2017 and see if there are any differences. – Jason B Aug 10 '18 at 17:03
  • What is your changes to `applicationHost.config`? Without that this question is incomplete. – Lex Li Aug 10 '18 at 17:04
  • Look at your `applicationhost.config` which is located at `%HOMEPATH%\Documents\IISExpress\config\`. It should have provider added under windows authentication section. See https://stackoverflow.com/a/5806794/881798 – vendettamit Aug 10 '18 at 17:20
  • What is listed in the link is what I have. – Jason B Aug 10 '18 at 17:30
  • There are tons of articles on how to let Firefox work with Windows authentication, like https://community.rsa.com/docs/DOC-53962 – Lex Li Aug 11 '18 at 03:01
  • Lex Li - Thanks, but that isn't the problem I'm trying to solve. I'm trying to get Windows Authentication to work at all for Firefox and IIS Express. – Jason B Aug 13 '18 at 04:11
  • Thank you for posting you resolution. I ran into this same problem out of the blue. I had an MVC application that accessed a web API. The only thing I found that worked was adding to the web.config of the MVC application. I still am unclear as to why this is necessary. – DerHaifisch Jul 03 '21 at 10:08

2 Answers2

1

you only need to change some properties in your project as mentioned in below link! enable windows authentication

mina morsali
  • 778
  • 1
  • 16
  • 29
  • 1
    Thanks for the input, but that's not the issue. Read the last edit above. – Jason B Feb 14 '19 at 19:09
  • In fact, this was my issue. I had to set Anonymous Authentication to disabled and Windows Authentication to enabled in the project properties. – Smile4ever Dec 02 '19 at 14:13
0

I'm going to mark this one as answered and I'll follow up with a new question. The current solution is to run everything on our admin account to get windows authentication working. Not ideal.

Jason B
  • 73
  • 2
  • 7