I’m using IIS and trying to deploy a web application that needs authentication mode=”Windows”.
However on every machine I try this on, simply deploying the web app doesn’t work. The web.config says
<authentication mode="Windows">
but under the IIS manager it says
Windows Authentication Disabled
So I save a backup of my web.config, then I use IIS to enable windows authentication. After I do that, my application works fine but the web.config file is unchanged.
I have to automatically create a new instance of this web app for each client. Requiring an IT guy to manually go to each webapp and turn on this feature is a non-starter. I need the web.config file to work, or I need to know what config file I have to change to make it work. I’ve spent days trying to get this sorted without success.
Any help is much appreciated.
I’m presuming that you are authenticating users against some windows user accounts? I am also presuming that you want the browser to pop up the username and password challenge?
There are two different things at work here.
The
<authentication mode="Windows"/>setting inweb.configis just telling ASP.NET to construct an identity based on credentials supplied by IIS rather than by Forms Authentication (or another provider). It is not a setting controlled by IIS and IIS has no visibility of this setting. Also changing this setting inweb.configwill not change the authentication settings for IIS.When you change the Windows Authentication settings in IIS MMC you are altering a setting in the IIS6 metabase or if you’re using IIS7 the
system.webServer/security/authenticationsection (in yourweb.configor possibly inapplicationHost.configdepending on how the setting was altered).So unless you (you know this):
remove anonymous authentication from the site in IIS MMC, or remove NTFS permissions for the anonymous account on the sites files and folders
specify Windows Authentication in IIS MMC
You won’t get the username and password challenge in the browser regardless of the setting in
system.web/authentication.