0

I have a ASP.NET site that should use Windows authentication. I've modified web.config to include the following code:

<system.web>
    <authentication mode="Windows" />
    <authorization>
        <allow roles="domain\application users"/>
        <deny roles="domain\domain users" />
    </authorization>
</system.web>

I've been able to get this same exact code to work in another ASP.NET application. However, this application doesn't even prompt for credentials and lets all users through during debug in Visual Studio using IIS Express; it's like Windows authentication isn't actually registering.

I've used HttpContext.Current.User.Identity.IsAuthenticated in the codebehind to make sure my assumption is correct and it does return false.

I'm unsure whether Windows authentication works in the released version because I don't want to deploy it while it isn't working as intended.

What could I be missing here? Is there something wrong with my code or do I need to do something to correctly configure IIS?

mgstrick98
  • 11
  • 3
  • Congrats on your first post. It would help if you would do more research on your own questions. Looks like your last question might lead you to a solution. – Alex S Oct 08 '20 at 15:11
  • Is Anonymous Authentication enabled or disabled in IIS? – mason Oct 08 '20 at 15:19
  • @mason thanks for the suggestion - I actually just figured out that it was because the solution in Visual Studio didn't have Windows authentication turned on in its properties. – mgstrick98 Oct 08 '20 at 16:12
  • Keep in mind the prompt is only optional, https://learn.microsoft.com/en-ca/troubleshoot/browsers/prompt-for-username-and-password – Lex Li Oct 08 '20 at 23:28

1 Answers1

1

I eventually stumbled across another question (Windows Authentication not working in existing asp.net site) which helped me out - I was correctly configuring my site but had decided after creating the project to add Windows authentication, meaning that it wasn't configured correctly in the solution properties themselves. Changing Windows Authentication to Enabled and Anonymous Authentication to Disabled in the Development Server properties fixed my issue.

mgstrick98
  • 11
  • 3