web.config in folder allowing all or no user authentication

Fixing this error if windows authentication is added to project after it's been created

That's a mouthful. I was having this issue when I added Windows authentication to an existing project. There were a couple of key things that I needed to do before it works:

  1. In Solution Explorer, Click on the project and then push F4. This should open up the Project properties.

  2. In Project Properties and under the Development Server, make the following changes:

    • Anonymous Authentication: Disabled
    • Windows Authentication: Enabled
  3. Include the following in the Web.config under <system.web>:

    <authorization>
      <allow users="DOMAIN\user"/>
      <deny users="*"/>
    </authorization>
    
  4. Still in the Web.config under <appSettings>:

    <add key="owin:AutomaticAppStartup" value="false"/>
    

This is what worked for me. If I'm doing something wrong, please let me know.

Hopefully this will help future individuals who are working with windows authentication after creating the project.


On your question you said you have a folder name but on the web.config you have given only the file name on the path. Use the foldername/filename.aspx like below. Use deny users="*" instead of deny users="?'

<location path="foldername/QualityCheckSurvey.aspx">
    <system.web>
        <authorization>
            <allow users="DomainName\User2"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

EDIT

This looks like you have multiple web.config files in the same application. To avoid confusion just remove the one on the survey folder and on the root folder web.config add this code.

 <?xml version="1.0"?>
<configuration>
  <system.web>
    <authorization>
      <authentication mode="Windows" />
    </authorization>
  </system.web>

  <location path="survey/QualityCheckSurvey.aspx">
    <system.web>
      <authorization>
        <allow users="OEP\kevinh, OEP\shabierg, OEP\heilened" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location> 

I am assuming the survey folder is inside the root folder.