Menu
I'm creating an Intranet site in ASP.NET MVC 3 Beta and would like to use Windows Authentication exclusively. In addition, I'd like to use the Visual Studio Development Server in VS2010.
I modified the default web.config file to remove all references to forms authentication and switched to this:
<authentication mode="Windows" /> <authorization> <deny users="?" /> </authorization> However, when I launch my site and get the default page, I get this reply:
HTTP/1.1 302 Found Server: ASP.NET Development Server/10.0.0.0 Date: Tue, 02 Nov 2010 14:05:19 GMT X-AspNet-Version: 4.0.30319 Location: /Account/Login?ReturnUrl=%2f Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Length: 145 Connection: Close Which leads to this message in my browser:
Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /Account/Login
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1 Version:4.0.30319.1
If I select the "NTLM Authentication" in the project properties under "Use Visual Studio Development Server" then I correctly get this reply on connect:
HTTP/1.1 401 Unauthorized Server ASP.NET Development Server/10.0.0.0 Date: Tue, 02 Nov 2010 14:07:37 GMT Content-Length: 1211 WWW-Authenticate: NTLM But then when I authenticate, I get the 302
I think this is just a matter of clearing out some default value but am not sure ("/Account/Login" doesn't appear anywhere in my web.config files). If I remove the "deny" part then things work fine except that I don't get an authenticated Principal and effectively remain anonymous.
I believe this used to work in ASP.NET MVC 2 and VS2008 by just changing the authentication mode to Windows, however it doesn't seem to work that way any more.
I know I'm probably missing something basic. Thanks!
Note: This question is similar to the "Problem restricting anonymous access to an ASP.Net MVC Site" question, but different in that I want to exclusively use Windows authentication.
290
By default MVC apps use Form Authentication and Simple Membership, so you need to make it "false" to run Windows Authentication. Select the project name in Solution Explorer and then in the Property Explorer, click to enable Windows Authentication.
ASP.NET supports three types of authentication: Windows, Passport, and forms.
In the IIS Manager: Expand the computer name, then Sites, then Default Web Site, then click on the name of the desired site. Select Authentication. Set Windows Authentication to Disabled and set Basic Authentication to Enabled.
I had exactly the same problem. Turns out there was a change in MVC 3 (fairly well hidden, too) that has Forms authentication automatically enabled by default, in order to disable it add the following line to your root Web.config file, under the appSettings key...
<add key="autoFormsAuthentication" value="false" /> Hope that helps!
116
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
