0

I have an ASP.NET webforms application that uses windows authentication when developing locally. The first time that I debug the webapp, IIS Express starts up and the pages work as expected. If I stop debugging and then start it again, I get in this endless cycle that no matter what page I go to, it always forwards to the login.aspx page and then to my Default.aspx page.

I can keep clicking on different pages, but it still keeps going to the Login then Default. I should be authenticated at this point and not be forwared to login.aspx. I believe it is because IIS express thinks that I am not authenticated. However, when I look at my cookies, I see that there is a ASP.NET_SessionId cookie so I don't think this should be happening.

If this helps, I have this in my page_load for login.aspx

if (authSection.Mode == AuthenticationMode.Windows)
{

    //stuff happens here
    Response.Redirect("Default.aspx");
    return;
}

To fix the problem, I have to kill IIS express and start debugging again. I'm not really sure why it thinks that I am not authenticated. Even though this isn't the same question, I tried the answer provided here: https://stackoverflow.com/a/19515891/888617 and it did not help.

Community
  • 1
  • 1
Justin
  • 6,373
  • 9
  • 46
  • 72

1 Answers1

0

Edit: This actually doesn't appear to solve my issue.

It turns out the issue was specific to Chrome. I was getting this issue when debugging and had to kill the IIS express process for it to resolve itself. However, I found a more perminate solution by doing the following.

In %userprofile%\documents\IISExpress\config\applicationhost.config insure that the overrideModeDefault is set to allowed for windowsAuthentication and anonymousAuthentication like this:

<section name="anonymousAuthentication" overrideModeDefault="Allow" />
<section name="windowsAuthentication" overrideModeDefault="Allow" />

Your authentication section should also look like this. Note the only provider is NTLM.

<authentication>
    <anonymousAuthentication enabled="false" userName="" />
    <basicAuthentication enabled="false" />
    <clientCertificateMappingAuthentication enabled="false" />
    <digestAuthentication enabled="false" />
    <iisClientCertificateMappingAuthentication enabled="false">
    </iisClientCertificateMappingAuthentication>
    <windowsAuthentication enabled="true">
        <providers>
            <add value="NTLM" />
        </providers>
    </windowsAuthentication>
</authentication>

This section should also be in the web.config.

<authentication>
    <windowsAuthentication enabled="true">
      <providers>
        <clear />
        <add value="NTLM" />
      </providers>
    </windowsAuthentication>
</authentication>
Justin
  • 6,373
  • 9
  • 46
  • 72