Home/ Questions/Q 3345490
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T01:11:31+00:00

I’m creating an Intranet site in ASP.NET MVC 3 Beta and would like to

  • 0

I’m creating an Intranet site in ASP.NET MVC 3 Beta and would like to use Windows Authentication exclusively. In addition, I’d like to use the Visual Studio Development Server in VS2010.

I modified the default web.config file to remove all references to forms authentication and switched to this:

<authentication mode="Windows"  />
<authorization>
  <deny users="?" />
</authorization>

However, when I launch my site and get the default page, I get this reply:

HTTP/1.1 302 Found
Server: ASP.NET Development Server/10.0.0.0
Date: Tue, 02 Nov 2010 14:05:19 GMT
X-AspNet-Version: 4.0.30319
Location: /Account/Login?ReturnUrl=%2f
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 145
Connection: Close

Which leads to this message in my browser:

Server Error in ‘/’ Application.

The resource cannot be found.

Description: HTTP 404. The resource
you are looking for (or one of its
dependencies) could have been removed,
had its name changed, or is
temporarily unavailable. Please
review the following URL and make sure
that it is spelled correctly.

Requested URL: /Account/Login

Version Information: Microsoft .NET
Framework Version:4.0.30319; ASP.NET
Version:4.0.30319.1 Version:4.0.30319.1

If I select the “NTLM Authentication” in the project properties under “Use Visual Studio Development Server” then I correctly get this reply on connect:

HTTP/1.1 401 Unauthorized Server
ASP.NET Development Server/10.0.0.0
Date: Tue, 02 Nov 2010 14:07:37 GMT
Content-Length: 1211 
WWW-Authenticate: NTLM

But then when I authenticate, I get the 302

I think this is just a matter of clearing out some default value but am not sure (“/Account/Login” doesn’t appear anywhere in my web.config files). If I remove the “deny” part then things work fine except that I don’t get an authenticated Principal and effectively remain anonymous.

I believe this used to work in ASP.NET MVC 2 and VS2008 by just changing the authentication mode to Windows, however it doesn’t seem to work that way any more.

I know I’m probably missing something basic. Thanks!

Note: This question is similar to the “Problem restricting anonymous access to an ASP.Net MVC Site” question, but different in that I want to exclusively use Windows authentication.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I had exactly the same problem. Turns out there was a change in MVC 3 (fairly well hidden, too) that has Forms authentication automatically enabled by default, in order to disable it add the following line to your root Web.config file, under the appSettings key…

    <add key="autoFormsAuthentication" value="false" />

    Hope that helps!

    • 0