Why is my MVC3 web page not sending Windows credentials to IIS Express?

Question

I have been struggling with getting Windows Authentication to work with my MVC3 application in development (VS 2010 SP1), with no real luck so far. I am running XP on my dev machine (no money until next year for an upgrade), if that makes a difference. I should also mention I am using IIS Express as the default web development server from VS 2010.

I started with an empty MVC3 app awhile back, as I didn't have the Intranet template available from the VS menu until I upgraded the MVC3 tools yesterday (OK, I was a little slow). Once I installed and inspected that template, I added a reference to DirectoryServices to my project and added the bit of code that displays the current logged-on user in the upper right corner of the page. According to the graphics, it should now say "Welcome PCE\dnewman!"

I followed the excellent instructions in this post: IIS Express Windows Authentication and did make some headway. However, I now get the 401.2 error from IIS Express, telling me I am not authorized...

So, I went in to my project properties and set Anonymous Authentication to Enabled. Now I can access the web page, but what I see in the upper right corner of my page is "Welcome !" -- no username.

I tried this with both IE and Firefox, with the same result. What the $#^&! am I missing here? It seems I am not logged in to Windows!! Where do I need to start looking for the problem?

At a previous employer a couple of years back, I wrote a Windows Forms app that authenticated the user with their Windows logon credentials. In that case, I had to take special care to both send the credentials and then to explicitly authenticate them on the service end. Is there something I have to do to make the browser include credentials with every GET or POST?

By request, here's the contents of my web.config, with apologies for all the Glimpse config stuff.

<?xml version="1.0" 
  encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="glimpse" 
         type="Glimpse.Core.Configuration.GlimpseConfiguration" />
  </configSections>
  <appSettings>
    <add key="ClientValidationEnabled" 
     value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" 
     value="true" />
  </appSettings>
  <system.web>
    <compilation debug="true" 
             targetFramework="4.0">
      <assemblies>
        <add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <add assembly="System.Web.Helpers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Web.WebPages, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      </assemblies>
    </compilation>
    <pages>
      <namespaces>
        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Routing" />
        <add namespace="System.Web.Helpers" />
        <add namespace="System.Web.WebPages" />
      </namespaces>
    </pages>
    <trace writeToDiagnosticsTrace="true" 
       enabled="true" 
       pageOutput="false" />
    <httpModules>
      <add name="Glimpse" 
       type="Glimpse.Core.Module" />
    </httpModules>
    <httpHandlers>
      <add path="glimpse.axd" 
       verb="GET,POST" 
       type="Glimpse.Core.Handler" />
    </httpHandlers>
  </system.web>
  <system.webServer>
    <security>
      <authentication>
        <anonymousAuthentication enabled="false"/>
        <windowsAuthentication enabled="true" />
      </authentication>
    </security>
    <modules runAllManagedModulesForAllRequests="true">
      <add name="Glimpse" 
       type="Glimpse.Core.Module,Glimpse.Core" 
       preCondition="integratedMode" />
    </modules>
    <validation validateIntegratedModeConfiguration="false" />
    <handlers>
      <add name="Glimpse" 
       path="glimpse.axd" 
       verb="GET,POST" 
       type="Glimpse.Core.Handler,Glimpse.Core" 
       preCondition="integratedMode" />
    </handlers>
  </system.webServer>
  <system.serviceModel>
    <bindings>
      <netTcpBinding>
        <binding name="NetTcpBinding_IReporting" 
             maxBufferSize="1024000" 
             maxBufferPoolSize="1000000" 
             maxReceivedMessageSize="1024000">
          <readerQuotas maxDepth="200" 
                    maxStringContentLength="65536" 
                    maxArrayLength="32768" 
                    maxBytesPerRead="4096" 
                    maxNameTableCharCount="16384" />
          <security mode="None" />
        </binding>
        <binding name="normalBinding">
          <security mode="None" />
        </binding>
      </netTcpBinding>
    </bindings>
    <client>
      <endpoint name="tcpAdminServiceEndpoint" 
            address="net.tcp://PCESRV22.pce.local:9000/ProductionMonitor/AdminService" 
            binding="netTcpBinding" 
            bindingConfiguration="normalBinding" 
            contract="Contracts.IAdmin" />
      <endpoint name="tcpMasterDataServiceEndpoint" 
            address="net.tcp://PCESRV22.pce.local:9010/ProductionMonitor/MasterDataService" 
            binding="netTcpBinding" 
            bindingConfiguration="normalBinding" 
            contract="Contracts.IMasterData" />
      <endpoint name="tcpReportingServiceEndpoint" 
            address="net.tcp://PCESRV22.pce.local:9030/ProductionMonitor/ReportingService" 
            binding="netTcpBinding" 
            bindingConfiguration="NetTcpBinding_IReporting" 
            contract="Contracts.IReporting" />
    </client>
  </system.serviceModel>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" 
                      publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" 
                     newVersion="3.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <glimpse enabled="true" />
</configuration>

I am more than willing to divulge more details as needed, but I really don't even know where to start looking. Every post or article I can find seems to assume this part just happens as part of the Windows/MVC3/ASP.NET setup.

Thanks, Dave

Answer 1

If you follow all the recommendations in the referenced post, you'll end up with a non-working mess, like I did. Each answer has its own merit, but applying all of them only ends in frustration.

The post from Microsoft that answered all questions and got me working is here: How to Create an Intranet Site Using ASP.NET MVC

Save this link, it's golden...

I also found the "Add Deployable Dependencies" option can break Windows authentication. If I selected the "ASP.NET Web Pages with Razor syntax" option in the "Add Deployable Dependencies" dialog box, it immediately broke Windows authentication and seemed to go back to forms authentication -- I got a 404 error "The resource cannot be found" looking for /Account/Login. I didn't have to deploy it, just selecting that option broke it. The only way to fix it then is to start over. I was unable to remove enough of anything to get it to start working again, and I was unable to determine what change was made that caused this behavior.

This blog post saved the day: How to Deploy an ASP.NET MVC 3 App to Web Hosting with "\bin Deployment" - it shows which assemblies are needed and how to get them included with your web app when you deploy it WITHOUT using the "Add Deployable Dependencies" nonsense.

I hope this saves somebody the hours I spent trying to get it all to work.