I'm using IIS and trying to deploy a web application that needs authentication mode="Windows".
However on every machine I try this on, simply deploying the web app doesn't work. The web.config says
<authentication mode="Windows">
but under the IIS manager it says
Windows Authentication Disabled
So I save a backup of my web.config, then I use IIS to enable windows authentication. After I do that, my application works fine but the web.config file is unchanged.
I have to automatically create a new instance of this web app for each client. Requiring an IT guy to manually go to each webapp and turn on this feature is a non-starter. I need the web.config file to work, or I need to know what config file I have to change to make it work. I've spent days trying to get this sorted without success.
Any help is much appreciated.
Authentication: The client generates and hashes a response and sends it to the IIS server. The server receives the challenge-hashed response and compares it to what it knows to be the appropriate response. If the received response matches the expected response, the user is successfully authenticated to the server.
On the taskbar, click Start, and then click Control Panel. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off. Expand Internet Information Services, then World Wide Web Services, then Security. Select Windows Authentication, and then click OK.
In the Authentication pane, select Anonymous Authentication, and then click Edit... in the Actions pane. In the Edit Anonymous Authentication Credentials dialog box, do one of the following: Select Application pool identity to use the identity set for the application pool, and then click OK.
I'm presuming that you are authenticating users against some windows user accounts? I am also presuming that you want the browser to pop up the username and password challenge?
There are two different things at work here.
The <authentication mode="Windows"/> setting in web.config is just telling ASP.NET to construct an identity based on credentials supplied by IIS rather than by Forms Authentication (or another provider). It is not a setting controlled by IIS and IIS has no visibility of this setting. Also changing this setting in web.config will not change the authentication settings for IIS.
When you change the Windows Authentication settings in IIS MMC you are altering a setting in the IIS6 metabase or if you're using IIS7 the system.webServer/security/authentication section (in your web.config or possibly in applicationHost.config depending on how the setting was altered).
So unless you (you know this):
remove anonymous authentication from the site in IIS MMC, or remove NTFS permissions for the anonymous account on the site's files and folders
specify Windows Authentication in IIS MMC
You won't get the username and password challenge in the browser regardless of the setting in system.web/authentication.
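For the per-client provisioning case in the question, the IIS-side settings described in the answer can be scripted instead of clicked. This is an added example, not code from the original posts; the function name Enable-AppWindowsAuth and the path 'Default Web Site/ClientA' are hypothetical, and it assumes IIS 7 or later with the WebAdministration module and an elevated session.

```powershell
# Added example: enable Windows Authentication for one IIS application from a
# provisioning script. 'Default Web Site/ClientA' is a hypothetical path.
Import-Module WebAdministration

function Enable-AppWindowsAuth {
    param(
        [Parameter(Mandatory)] [string] $Location   # "<site name>/<app path>"
    )

    # The Windows Authentication feature must be installed before it can be enabled.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName IIS-WindowsAuthentication
    if ($feature.State -ne 'Enabled') {
        throw "IIS-WindowsAuthentication feature is not installed on this machine."
    }

    $base = '/system.webServer/security/authentication'

    # -PSPath 'IIS:\' with -Location writes a <location path="..."> entry in
    # applicationHost.config, so it works even though these sections are
    # locked against web.config overrides by default.
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
        -Filter "$base/windowsAuthentication" -Name enabled -Value $true

    # Turn anonymous access off so that IIS actually issues the 401 challenge.
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
        -Filter "$base/anonymousAuthentication" -Name enabled -Value $false

    # Read the effective values back so a failed deployment is noticed.
    $win  = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
        -Filter "$base/windowsAuthentication" -Name enabled).Value
    $anon = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
        -Filter "$base/anonymousAuthentication" -Name enabled).Value
    if (-not $win -or $anon) {
        throw "Authentication settings for '$Location' were not applied."
    }
    [pscustomobject]@{ Location = $Location; Windows = $win; Anonymous = $anon }
}

Enable-AppWindowsAuth -Location 'Default Web Site/ClientA'
```

The application's own web.config still needs <authentication mode="Windows"/> so that ASP.NET builds its identity from the credentials IIS hands over.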