Windows Authentication in MVC4 with IIS Express

MVC4 gone through some major changes in Windows Authentication functionality with IIS Express. In this article you will learn how to enable Windows Authentication in MVC4 Web Application on IIS Express, just follow the given steps.

 On Cassini web server it was quite difficult to test Windows Authentication as well as it doesn’t support SSL, URL Rewriting Rules etc. With IIS Express as your development server allows you to take full advantage of all web-server features (SSL, URL Rewrite Rules etc).  IIS is a full-fledged web-server – which means you’ll get an experience closer to what it will work like when you deploy the application on a production server.

Follow these steps to enable this in MVC4:

Step 1

Create an MVC Web Application preferably using Internet Application template or Intranet Application template.

Step 2

Open Web.config file and make following modifications:

<!—
<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
-->
   
<authentication mode="Windows" />

I just commented the Forms authentication and added Windows Authentication.

Step 3

By default MVC apps uses Form Authentication and Simple Membership, so you need to make it ‘false’ in order to run Windows Authentication.

<appSettings>
  <add key="webpages:Version" value="2.0.0.0" />
  <add key="webpages:Enabled" value="false" />
  <add key="PreserveLoginUrl" value="true" />
  <add key="ClientValidationEnabled" value="true" />
  <add key="UnobtrusiveJavaScriptEnabled" value="true" />

  <add key="autoFormsAuthentication" value="false" />
  <add key="enableSimpleMembership" value="false"/>
   
</appSettings>

Step 4

Select project name in solution explorer and then in the property explorer, click to enable the Windows Authentication.


These settings are called development server settings works with IIS Express and they don’t make any changes in actual configuration settings.

Step 5

In the property explorer you can disable the Anonymous Authentication if you want your complete website for authenticated users on development server.


Step 6

If you already disabled the anonymous authentication as suggested in above step 5 you don’t need to do/repeat this step.

If you don’t, let’s go and make any controller action for authorized users, as given below.


Alternatively, you can use [Authorize] action filter with controller directly instead of individual action methods to make every action methods for authorize users.

Step 7

Notice, in above step I’m using [Authorize] action filter with ‘About’ action. So, when I hit about view page, I’ll be prompted to enter my windows credentials.


When I entered my credentials and hit Login. I will see my windows authentication working.


Step 8

Further reading, please watch this nice video by Shivprasad Koirala sir (Questpond) https://www.youtube.com/watch?v=x4hzVLZjfLM.

Hope this helps.

Comments

  1. AnonymousMonday, September 30, 2013 4:56:00 am

    This helped me a lot, thanks

    ReplyDelete
  2. AnonymousFriday, October 11, 2013 4:44:00 am

    How to Re-Authenticate it with different user name and password?

    ReplyDelete
  3. AnonymousWednesday, October 16, 2013 4:27:00 am

    This helped me a lot thank for the post

    ReplyDelete
  4. AnonymousTuesday, February 04, 2014 3:15:00 am

    I was tried it is not working is there any iis setting?

    selva

    ReplyDelete
  5. KathirvelTuesday, March 25, 2014 4:35:00 am

    Hi Selva what is the error you are getting

    ReplyDelete
  6. cpdasMonday, June 30, 2014 1:31:00 am

    Hi, till step 5 i have configured with Anonymous Authentication = disabled. But site does not prompt me user id and pwd.

    Also i want to sign in as different user , how is this posisble?

    ReplyDelete
  7. AnonymousFriday, August 29, 2014 9:04:00 am

    Thanks for your post. This worked well for me.

    ReplyDelete
  8. WWJamiesonThursday, April 14, 2016 11:39:00 am

    I must be missing something. To work like previous apps using windows authentication, you DON'T (or shouldn't) get prompted for credentials (that's the whole idea behind user-level security, right?). I do get prompted running locally under VS 2013 with IIS Express but don't remotely to the IIS server.

    ReplyDelete

Post a Comment

Popular posts from this blog

Migrating database from ASP.NET Identity to ASP.NET Core Identity

Image
As you know ASP.NET Core Identity (table structure) is different from what we had earlier in ASP.NET Identity. Actually the identity system which we have today with .NET Core is very mature and continuously evolved be it ASP.NET Membership, ASP.NET Identity 1, ASP.NET Identity 2 and now ASP.NET Core Identity. Recently I had to migrate few application to ASP.NET Core and similar its identity database. Because the table schema is changed, i had to re-think and create migration script which I would like to share with you today. It is very simple and easy, just three step and I had everything ready: STEP 1 : Change name of existing tables STEP 2 : Create ASP.NET Core Identity tables STEP 3 : Migrate data from old tables (ASP.NET Identity) to new tables (ASP.NET Core Identity) Script:  https://gist.github.com/itorian/c699e8534b392a6c726ec66c48100072 You should also watch my video, where I demoed migration.
Read More »

Customize User's Profile in ASP.NET Identity System

Image
Note: You should read this post instead, I found below walkthrough will not work on ASP.NET Identity 2. I will re-work on this post soon. In this post you will learn how to customize User’s Profile and add some more fields like FirstName, LastName, EmailID etc with ASP.NET Identity System. In my last post I listed some of the great new features introduced with Identity system .
Read More »