Develop Reference

Hosting a mvc app via IIS with windows authentication, but I get IIS APPPOOL\ APP I need the windows user that connects (works with IIS express)

I saw similar questions like this on here but I simply can't find a good solution.
My problem:
I have an app that need to retrieve data from a connection string, and information that is retrieved depends on the authenticated windows user. When I run this in dev environment with IIS Express I get my logged in user.
However when I host it via IIS Local i get ( IIS APPPOOL\ ) as the user. I need this to be the windows user.
Even tho I get the login the application still outputs APPPOOL when I check this in my views
Anyone with a good solution to this?
I tried:
#System.Web.HttpContext.Current.User.Identity.Name
#System.Security.Principal.WindowsIdentity.GetCurrent().Name
#HttpContext.Current.Request.LogonUserIdentity.Name
<system.web>
<authentication mode="Windows" />
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
<identity impersonate="true" />
<trace enabled="true" />
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
</system.webServer>

It sounds like your application are always imepersonate as application pool identity.
I can get the correct windows identity via
System.Web.HttpContext.Current.User.Identity.Name
HttpContext.Current.Request.LogonUserIdentity.Name
User.Identity.Name;
First of all, please ensure your authentication looks like this. Please disable impersonate and anonymous at the same time.
<location path="mysite">
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true" />
<anonymousAuthentication enabled="false" />
</authentication>
</security>
</system.webServer>
</location>
Secondly,please promise your windows authentication are not executed with app pool credential
Finally, you should get the correct credential.

HTTP Error 401.0 - Unauthorized error message

I have developed a simple ASP.Net MVC 4 application using Windows Authentication to run on our company's local network. It works fine when deployed on IIS. But if I run the application through Visual studio, I get error message
Here is how my Web.Config file looks like
<system.web>
<authentication mode="Windows" />
<roleManager defaultProvider="WindowsProvider" enabled="true" cacheRolesInCookie="false">
<providers>
<add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime maxUrlLength="32767" maxQueryStringLength="32767" targetFramework="4.5" />
</system.web>
<system.webServer>
<modules>
<!--<remove name="FormsAuthenticationModule" />-->
</modules>
<security>
<requestFiltering>
<requestLimits maxUrl="32767" maxQueryString="32767" />
</requestFiltering>
</security>
For debugging, Application is configured to run using "Local IIS Web Server" with "Use IIS Express" option checked in Applications's Properties ->Web tab.

It turns out to be that I had to Enable Windows Authentication, Disable Anonymous Authentication in the Development Server Properties of my Project.

You need to add to project Web.config this:
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="1" />
</authentication>
</system.web>
Where /Account/Login is your login method from controller.

Make sure your Directory Browsing is enabled.
See this link for adding user in IIS.

Using Windows Authentication in ASP.NET

I'm trying to use Windows Authentication in my ASP.NET application. Whenever I try to view the app it sends me to a login page. How can I make it work without having to manually login via the browser?
web.config
<system.web>
<authentication mode="Windows"></authentication>
<anonymousIdentification enabled="false"/>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<customErrors mode="Off"></customErrors>
<identity impersonate="true"></identity>
<compilation debug="true" targetFramework="4.0" />
<httpRuntime />
</system.web>
error after updating IIS Express
Most likely causes:
No authentication protocol (including anonymous) is selected in IIS.
Only integrated authentication is enabled, and a client browser was used that does not support integrated authentication.
Integrated authentication is enabled and the request was sent through a proxy that changed the authentication headers before they reach the Web server.
The Web server is not configured for anonymous access and a required authorization header was not received.
The "configuration/system.webServer/authorization" configuration section may be explicitly denying the user access.
applicationhost.config
<authentication>
<anonymousAuthentication enabled="false" />
<basicAuthentication enabled="false" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication enabled="false">
</iisClientCertificateMappingAuthentication>
<windowsAuthentication enabled="true">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>

Windows Authentication with IISExpress
Update your web.config
Make sure your web.config file both enables windows authentication and also denies anonymous authentication. HttpContext.Current.User.Identity.Name will be blank if the app falls through to anonymous authentication. Your config should look something like this:
<authentication mode="Windows" />
<authorization>
<deny users="?"/>
</authorization>
Error 401.2 Unauthorized
Sometimes, you might get the error 401.2 Unauthorized: Logon failed due to server configuration error. If you do, verify that you have permission to view this directory or page based on the credentials you supplied. Also make sure you have the authentication methods enabled on the Web server.
Updating applicationhost.config
You also might find you have to update the IISExpress applicationhost.config file (dont’ worry – I didn’t know it either). This is essentially the file version of the IIS configuration tool, where you can configure the web server itself. Finding the applicationhost.config file can be tricky. It might be in:
%userprofile%\documents\iisexpress\config\applicationhost.config
or
%userprofile%\my documents\iisexpress\config\applicationhost.config
Once you find it, update the following lines (paying special attention to enabled=true):
<windowsAuthentication enabled="true">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
This is the article

We use Windows authentication for almost all of our intranet apps, including SharePoint. Employees must login if their browser doesn't automatically send their Windows credentials automatically to the site.
On IE, this is a matter of the browser's configuration. I think there are also ways to configure Chrome and Firefox to send Windows login automatically. I think Chrome will follow Window's internet settings (on the client) just like IE. Try to set the User Authentication options to "Automatic Logon with current username and password".
See below screenshot for an illustration to where that is.
Also note that this involves the user's browser sending a Windows Token to the application. The application must understand and trust the source of this token, and this would work with the support of a "domain" in which both the user and application reside in. I think it will work on a single machine (while you are debugging), but if you want this to work on multiple computers on a network, you need to look into creating a domain. A typical way to create a domain is Active Directory.
Let me know.

When debugging my web app in VS 2017, I found I needed to update [solution path]\.vs\config\applicationhost.config. I replaced the authentication section with:
<authentication>
<anonymousAuthentication enabled="false" userName="" />
<basicAuthentication enabled="false" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication enabled="false">
</iisClientCertificateMappingAuthentication>
<windowsAuthentication enabled="true">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
More here: https://stackoverflow.com/a/4813716/555142

Open IIS (Windows + R 'inetmgr')
Select the IIS Server (Root Node)
Double Click - 'Authentication'
Windows Authentication - Right-click and select 'Enable'
Forms Authentication - Right-click and select 'Disable'
Restart the IIS Server

I was able get it working by removing the negotiate provider.
<windowsAuthentication enabled="true">
<providers>
<add value="NTLM" />
</providers>
</windowsAuthentication>

ASP.NET Active Directory Auto-Login

I'm making a simple website to learn about asp.net/AD authentication.
I used some of the code snippets from this tutorial: https://support.microsoft.com/en-us/kb/316748 to successfully use AD with Forms Authentication from a login page. I use these IIS Authentication settings for the website:
Anonymous Authentication -Enabled
ASP.NET Impersonation -Disabled
Basic Authentication -Disabled
Digest Authentication -Disabled
Forms Authentication -Enabled
Windows Authentication -Disabled
I want to use the credentials for the currently logged in windows user and either not prompt or only prompt if it fails. When I change the Web.config authentication mode to "Windows" and the the IIS settings as shown below it has a pop-up credentials prompt but just keeps prompting and never accepts the credentials.
Anonymous Authentication -Enabled
ASP.NET Impersonation -Disabled
Basic Authentication -Disabled
Digest Authentication -Disabled
Forms Authentication -Disabled
Windows Authentication -Enabled
I've tried several other combinations but they all failed.
All files in this website are:
LdapAuthentication.cs - is in App_Code and is a direct copy/paste from the tutorial
Logon.aspx - is copy/pasted from the tutorial with the companies LDAP path added
Default.aspx - is a direct copy/paste from the WebForm1.aspx in the tutorial
Web.config (shown below)
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5">
<assemblies>
<add assembly="System.DirectoryServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
</assemblies>
</compilation>
<httpRuntime targetFramework="4.5" />
<authentication mode="Forms"> <!-- I also tried "Windows" -->
<forms loginUrl="logon.aspx" name="adAuthCookie" timeout="10" path="/" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<identity impersonate="true" />
<anonymousIdentification enabled="false" />
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
</system.webServer>
</configuration>

Ensure that IIS is right configured to use ActiveDirectory Authentication with Forms, it works with local server from Visual studio but not in IIS.
In IIS 7+ it's the application pool account.
- Simply create a new application pool that runs under that account and assign that app pool to your application/site.
- Right click to the new pool (example ASP.NET V4.0 Mypool) - > Advanced Settings
- In Process model, choose LocalSystem as Identity.
Web.config:
<system.web>
<compilation targetFramework="4.0" debug="true"/>
..........
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="adAuthCookie" timeout="10" path="/"/>
</authentication>
<identity impersonate="false"/>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>

Forms Authentication not Applying to static files

I have successfully set up a test area on my website which is authenticated using forms auth on iis 8. I am using this in integrated mode with asp.net which as I understand should mean that with the correct web.config file I am able to make the server use the asp.net auth on everything not just URLs. If I try and navigate to a page that I haven't entered the credentials for it returns an error 403, which is what I expect. However if I put in the path of a file stored on the site exactly, it downloads the file without the need for credentials to be provided. Here is my current top level web.config:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="false">
</compilation>
<authentication mode="Forms">
<forms name=".ASPXFORMSAUTH" loginUrl="default.aspx" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
<location path="staff/test/test">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<system.webServer>
<modules>
<remove name="FormsAuthenticationModule" />
<add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
<remove name="RoleManager" />
<add name="RoleManager" type="System.Web.Security.RoleManagerModule" />
<remove name="DefaultAuthentication" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
</modules>
</system.webServer>
The area /staff/test/test has a word document in it. If I type www.website.com/staff/test/test/test.doc into my browser is downloads the file.
What should I change to secure that file?

Thanks for your replies. In the end it turned out to be the security permissions on the root of the website. The code I originally pasted on here worked fine I had the server\users group having read permissions where as I only needed iis_iusers having read permissions.
Thanks again