Windows Authentication doesn't work with IIS E

2019-07-29 10:50发布

问题:

At work we were forced into a hardware refresh where we went from a Windows 7 box with VS 2013 and IIS Express 6 to a Windows 10 box with VS 2017 and IIS Express 10. The problem is that Windows Authentication refuses to work. I get a 401.2 - Unauthorized with the explanation of "Invalid Authentication Headers".

I've checked the web.config and the properties for the web project and they are correct. I've modified the applicationhost.config file in the .vs folder in the project to enable windows authentication. I even checked the permissions of the files to make sure authenticated users had the right permissions. None of this has worked.

This all worked fine in IIS Express 6. What did Microsoft change in IIS Express 10 that screws this all up?

Edit: have to manually type this stuff in, since I can't move code from the dev machine.

web.config:

<system.web>
  <customErrors mode="off"/>
  <compilation debug="true" targetFramework="4.5.1" />
  <httpRuntime targetFramework="4.5" />
  <authentication mode="Windows" />
  <authorization>
     <allow users="*" />
  </authorization>
</system.web>

If you want any other sections of the web.config, ask me.

As for ApplicationHost.config, it is basically whatever VS2017 creates, since this is a fresh machine and there wasn't an existing one with the project. Changes I tried making:

<windowsAuthentication enabled="true">   

<anonymousAuthentication enabled="false" userName="">   

<section name="windowsAuthentication" overrideModeDefault="allow">

One additional datapoint: The application runs on Firefox. I can log on fine to our test servers, running IIS 8.5, but can't access the application on IIS Express.

I've since created a new MVC application and just ran that. It runs fine in IE, but it won't authenticate users from Firefox and Edge.

Edit: Found out that Edge doesn't support Windows Authentication on localhost: https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/4776775/

Still need to get it to work with Firefox.

Edit again: So, I think I know what is going on. I have two user accounts: the regular user account and an admin account with more privileges. What I did under Windows 7 was that while I logged into my regular account, I ran VS under my admin account. Then I could run my web application and log into the web site with my admin account. This doesn't seem to work anymore. The only way I could get my application to work is to run it all under my admin account. Otherwise, Windows authentication won't work. Security-wise, this is broken as hell and I'd like to find a better solution.

回答1:

I'm going to mark this one as answered and I'll follow up with a new question. The current solution is to run everything on our admin account to get windows authentication working. Not ideal.



回答2:

you only need to change some properties in your project as mentioned in below link! enable windows authentication