Using Windows Authentication in ASP.NET
Windows Authentication with IISExpress
Update your web.config
Make sure your web.config file both enables windows authentication and also denies anonymous authentication. HttpContext.Current.User.Identity.Name
will be blank if the app falls through to anonymous authentication. Your config should look something like this:
<authentication mode="Windows" />
<authorization>
<deny users="?"/>
</authorization>
Error 401.2 Unauthorized
Sometimes, you might get the error 401.2 Unauthorized: Logon failed due to server configuration error
. If you do, verify that you have permission to view this directory or page based on the credentials you supplied. Also make sure you have the authentication methods enabled on the Web server.
Updating applicationhost.config
You also might find you have to update the IISExpress applicationhost.config file (dont’ worry – I didn’t know it either). This is essentially the file version of the IIS configuration tool, where you can configure the web server itself. Finding the applicationhost.config
file can be tricky. It might be in:
%userprofile%\documents\iisexpress\config\applicationhost.config
or
%userprofile%\my documents\iisexpress\config\applicationhost.config
Once you find it, update the following lines (paying special attention to enabled=true
):
<windowsAuthentication enabled="true">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
This is the article
We use Windows authentication for almost all of our intranet apps, including SharePoint. Employees must login if their browser doesn't automatically send their Windows credentials automatically to the site.
On IE, this is a matter of the browser's configuration. I think there are also ways to configure Chrome and Firefox to send Windows login automatically. I think Chrome will follow Window's internet settings (on the client) just like IE. Try to set the User Authentication options to "Automatic Logon with current username and password".
See below screenshot for an illustration to where that is.
Also note that this involves the user's browser sending a Windows Token to the application. The application must understand and trust the source of this token, and this would work with the support of a "domain" in which both the user and application reside in. I think it will work on a single machine (while you are debugging), but if you want this to work on multiple computers on a network, you need to look into creating a domain. A typical way to create a domain is Active Directory.
Let me know.
When debugging my web app in VS 2017, I found I needed to update [solution path]\.vs\config\applicationhost.config. I replaced the authentication section with:
<authentication>
<anonymousAuthentication enabled="false" userName="" />
<basicAuthentication enabled="false" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication enabled="false">
</iisClientCertificateMappingAuthentication>
<windowsAuthentication enabled="true">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
More here: https://stackoverflow.com/a/4813716/555142