0

I'm trying to build my first ASP.NET MVC 4, Intranet application using IIS Express. But when I run the default project using this configuration :

 <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>

The web application requires a username and a password to access. Where do I find that, plese ? How can I configure that ?

Thanks in adavance !

user3212730
  • 373
  • 3
  • 4
  • 13
  • http://www.wiktorzychla.com/2012/06/iis-75-integrated-security-with-no.html – Wiktor Zychla Jan 24 '14 at 20:32
  • Which browser are you using? IE should pick up your windows credentials but other browsers don't do it so well. – Mike Cheel Jan 24 '14 at 20:35
  • @Mike Cheel: Google Chrome – user3212730 Jan 24 '14 at 20:39
  • Does it work when you use IE (to rule out other issues)? – Mike Cheel Jan 24 '14 at 20:42
  • 1
    Also, see this post: http://stackoverflow.com/a/7813778/426422 – Mike Cheel Jan 24 '14 at 20:43
  • @MikeCheel, using IE haven't change the issue. – user3212730 Jan 24 '14 at 20:46
  • Unless there is something in a config higher up (web.config or machine.config) it should be working. Are you doing anything weird there? What happens when you change the deny to allow with a question mark? I think you are saying deny authenticated users the way you have it now. – Mike Cheel Jan 24 '14 at 20:50
  • What server are you running this on? Cassini, IIS Express, or IIS? You might need to enable windows authentication at the iis and/or server level. See: http://www.asp.net/mvc/tutorials/older-versions/security/authenticating-users-with-windows-authentication-cs – Saturn K Jan 24 '14 at 21:05

2 Answers2

0

You could use the following configuration to allow certain users without the need to log in: 

<authorization>
  <allow users="user1,user2,...,userN" />
  <deny users="*" />
</authorization>

Where user1, user2 up to userN are the names of the users you want to get authentically logged in (without the need to enter any password). If you want all the users to automatically log in you should follow the advice of Wiktor and read the article he pasted in the comment: http://www.wiktorzychla.com/2012/06/iis-75-integrated-security-with-no.html

Paweł Bejger
  • 5,696
  • 18
  • 26
  • can you explain that configuration please ? – user3212730 Jan 24 '14 at 20:32
  • @bejger: that is definitely not necessary – Wiktor Zychla Jan 24 '14 at 20:33
  • @bejger: Thanks what about the password ? – user3212730 Jan 24 '14 at 20:38
  • If the user is granted access (via ) there is no need for him/her to enter any password. If you follow the advice of Wiktor you will also not need any passwords - anonymous access will be granted out of the box. – Paweł Bejger Jan 24 '14 at 20:39
  • @bejger, this doesn't work. Using these settings, I've entered as username ="user1" and nothing in password and confirmed it. I got an error page. – user3212730 Jan 24 '14 at 20:44
  • Shouldn't the deny go first since the rules are processed in order if you wanted to deny everyone but user1, user2, etc? – Mike Cheel Jan 24 '14 at 20:53
  • No, it might look unintuitive, but the "*" in the tag denies all the users that do not have their access set explicitly. See e.g. this article: http://www.asp.net/web-forms/tutorials/security/membership/user-based-authorization-cs – Paweł Bejger Jan 24 '14 at 20:56
0

Since your Authentication mode is Windows <authentication mode="Windows" />, it should authenticate against Windows user accounts on the server.

mxmissile
  • 10,351
  • 3
  • 47
  • 74