Unable to get windows authentication to work through local IIS

Question

So I\'ve created a new ASP.NET MVC project using the intranet template. web.config contains the appropriate values (e.g.

Answer 1

After reading the answer of Espen Burud, I solved my problem by changing in the root's web.config:

<allow users="*" />

to

<deny users="?" />

The page that needs Windows Authentication is not in the root, but in a sub directory with its own web.config with deny users ? but that did not make Windows Authentication working. Apparently, you need to deny users in the root for that to work.

The IIS config has Anonymous Authentication enabled; that did not matter. After the above change of web.config, Windows Authentication worked.

Answer 2

You have to whitelist a domain specified in the hosts file in order for windows authentication to work:

1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
3. Right-click Parameters, click New, and then click DWORD (32-bit) Value.
4. Type DisableStrictNameChecking and press ENTER.
5. Double-click the DisableStrictNameChecking registry value and type 1 in the Value data box, click OK
6. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
7. Right-click MSV1_0, point to New, and then click Multi-String Value.
8. Type BackConnectionHostNames, and then press ENTER.
9. Right-click BackConnectionHostNames, and then click Modify.
10. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
11. Quit Registry Editor, and then restart the IISAdmin service.

NOTE: The original Microsoft KB links on this answer were broken and have been removed. This article provided the instructions for setting DisableStrictNameChecking.

Answer 3

Did you try putting the domain in front of the user name?

DOMAIN\username

If you don't have a domain account, try prefixing your username with the machine name:

MYCOMPUTER\myusername

Answer 4

To ensure that IIS uses Windows Authentication, I think you should try to turn of other authtentication methods. If Anonymous Authentication is enabled, Windows authentication will not work. You can also read this Microsoft Support Article which describes IE and IIS requirements in details.

Answer 5

Why local IIS? Can you use local IIS Express?

If so, try this. It seems that IIS Express by default has Windows Authentication set to false.

Change

<windowsAuthentication enabled="false">

to "true" in applicationhost.config file (under 'C:\Users[Profile]\Documents\IISExpress\config' folder). This works for me.

Answer 6

For Dot Net Core 2.2 and running on IIS, I was having issues with 401.2 Unauthorized when I would check the Enable Windows Authentication within my application. It was a exceedingly simple test website that did basically nothing, just to try and get windows authentication to work. I finally got the auth to work, and here's what you'll need:

Within Startup ConfigureServices:

services.AddAuthentication(IISDefaults.AuthenticationScheme);

Open the application's Properties, click Debug option on the left and make sure you check Enable Windows Authentication.

But here's the kicker that I had forgotten... Configure your system to have Windows Authentication installed on IIS. This was never setup on my machine, and regardless what I did, I would always get a 401 unauthorized error. After installing this (Win 10, IIS v10.0.18362.1) I now get a login prompt. This isn't exactly what I need at this point, but at least it's not the unauthorized error. Good luck and hopefully this helps.