Redirect to custom Windows Authentication login page if user anonymous in ASP.NET MVC

Question

I have an ASP.NET MVC intranet site using Windows Authentication. It's set up from the default project for ASP.NET MVC using Windows Authentication. I've been struggling with finding information on overriding the default login popup if a user is not authenticated / anonymous.

Default login prompt:

Everything I find on the internet is nearly 10 years old, using classic ASP, or Web Forms. Nothing I can find is using ASP.NET MVC.

What I'd like to do is for the user to be redirected to a Login view if they are anonymous / not authenticated. Additionally, the ability to log out if they are automatically authenticated and log in as a different user.

The main problem I have is that I can't find where the actual authentication is done in my project. I've checked App_Start, Global.asax, etc. I can't find how to override it, either.

I know there is a lack of code on my part, but I'd appreciate if someone had a good starting point or experience with this requirement.

Answer 1

Well... is not possible to implement a custom login for an IIS site using Integrated Windows Authentication. Reasons:

• Windows Authentication works on a different TCP/IP layer than Form Authentication (if I remember correctly, Internet layer vs Application layer). Also, you have different types and version on Windows authentication to consider (different Kerberos version with NTLM fallback).
• The windows authentication form is build-in into the browser
• An IIS website cannot have mixed authentication (Windows based AND forms based)

However, there are workarounds. I can think of two, for example:

1. Implement a custom membership provider, where you can use, when needed, an impersonation/delegation mechanism
2. Implement a single sign-on architecture, using, for example, ADFS.