1

I am working MVC3 web application with windows authentication. I have set 

  <authentication mode="Windows" />
<authorization>
 <allow roles="domainname\Domain Users" />
  <allow users="*" />
  <deny users="?" />

in web.config Also in IIS for website Anonymous authentication is disabled and Windows authentication is enabled. When I try to run application it shows authentication popup but even after entering proper username and password it keeps on coming.

Sushil
  • 442
  • 3
  • 10
  • 23
  • This is usually a problem with Kerberos - your server/IIS does not trust the credentials your client sends. Also make sure your browser (IE) security settings allow sending your credentials (in the intranet zone). You could check your servers Security Event Log if your browser is hitting the site with an anonymous login. Also check the settings of your Windows authentication in IIS. – Filburt Feb 11 '15 at 07:49
  • Try initially with just `` –  Feb 11 '15 at 07:52
  • I have added my application to both trusted site and in intranet zone in IE .Would that be enough? Also my Security event logs are showing login attempt by intended user.. Windows authentication is enabled in IIS – Sushil Feb 11 '15 at 07:57
  • If @Filburt is correct, you should try `` instead. – Aron Feb 11 '15 at 08:01
  • @user3013365 No it doesn't help at all. The issue is not about trust. Its about authentication. "mode=windows" means Kerberos, which requires the client to authenticate the server (that is to check that the server is who it says it is). Suffice to say the steps involved in Kerberos authenticating the server are quite complex... – Aron Feb 11 '15 at 08:03
  • This is my NTLM section – Sushil Feb 11 '15 at 08:12
  • Interesting thing is same configuration works in IIS express – Sushil Feb 11 '15 at 08:15
  • [Checking your AppPool Identity](http://stackoverflow.com/a/12864484/205233) might also be worth a try. Look at the *Related* questions - they may offer more items to check. – Filburt Feb 11 '15 at 08:22
  • I have gone through that post..all the things mentioned are proper in my scenario – Sushil Feb 11 '15 at 12:10

2 Answers2

3

I think this is very late to answer it but might help someone who will be stuck like me. The problem was in the security tab we did not add user Account as "Users". We had all the accounts like IIS_USRS, etc but we forgot to add "Users". After adding it allowed everyone to access the site.

The strange thing is when your application doesn't need Windows authentication then IIS_USRS are enough.

Eliotjse
  • 123
  • 1
  • 15
2

Please change value in IIS application pool-> Advance Settings-> Enable 32-Bit Application to True

sourav
  • 21
  • 2