Visual Studio 2019; IIS **Express**; asp.net 4.8 (not core); Windows authentication; allow specific server local group access to page

Question

Trying to get Windows authentication working in Visual Studio 2019 fully updated as of today while debugging with IIS express. Have read through quite some findings on google and also here on SO - but so far have no success.

App works fine with windows authentication when published on real IIS on my development server where also visual studio and iis express is running.

The obvious difference between the IIS and the IIS Express setup is that I don't know how to enable IIS Express to allow the access to this page for members of a specific server local group (let's call it pageXYZaccess).

How to do this?

Have configured web.config of the project like this:

  <system.web>
    <compilation debug="true" targetFramework="4.8" />
    <httpRuntime targetFramework="4.8" />
      <authentication mode="Windows" />
      <authorization>
         <deny users="?" />
      </authorization>
  </system.web>

Have configured <sol.Dir>.vs<sol. name>\config\applicationhost.config like this:

            <sectionGroup name="security">
                <section name="access" overrideModeDefault="Deny" />
                <section name="applicationDependencies" overrideModeDefault="Deny" />
                <sectionGroup name="authentication">
                    <section name="anonymousAuthentication" overrideModeDefault="Deny" />
                    <section name="basicAuthentication" overrideModeDefault="Deny" />
                    <section name="clientCertificateMappingAuthentication" overrideModeDefault="Deny" />
                    <section name="digestAuthentication" overrideModeDefault="Deny" />
                    <section name="iisClientCertificateMappingAuthentication" overrideModeDefault="Deny" />
                    <section name="windowsAuthentication" overrideModeDefault="Allow" />
                </sectionGroup>
                <section name="authorization" overrideModeDefault="Allow" />
                <section name="ipSecurity" overrideModeDefault="Deny" />
                <section name="dynamicIpSecurity" overrideModeDefault="Deny" />
                <section name="isapiCgiRestriction" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
                <section name="requestFiltering" overrideModeDefault="Allow" />
            </sectionGroup>

.
.
            <authentication>
                <anonymousAuthentication enabled="false" userName="" />
                <basicAuthentication enabled="false" />
                <clientCertificateMappingAuthentication enabled="false" />
                <digestAuthentication enabled="false" />
                <iisClientCertificateMappingAuthentication enabled="false">
                </iisClientCertificateMappingAuthentication>
                <windowsAuthentication enabled="true">
                    <providers>
                        <add value="Negotiate" />
                        <add value="NTLM" />
                    </providers>
                </windowsAuthentication>
            </authentication>
            <authorization>
            </authorization>

. .

<location path="" overrideMode="Allow">
        <system.webServer>
            <modules>
                <add name="IsapiFilterModule" lockItem="true" />
                <add name="BasicAuthenticationModule" lockItem="true" />
                <add name="IsapiModule" lockItem="true" />
                <add name="HttpLoggingModule" lockItem="true" />
                <add name="DynamicCompressionModule" lockItem="true" />
                <add name="StaticCompressionModule" lockItem="true" />
                <add name="DefaultDocumentModule" lockItem="true" />
                <add name="DirectoryListingModule" lockItem="true" />
                <add name="ProtocolSupportModule" lockItem="true" />
                <add name="HttpRedirectionModule" lockItem="true" />
                <add name="ServerSideIncludeModule" lockItem="true" />
                <add name="StaticFileModule" lockItem="true" />
                <add name="AnonymousAuthenticationModule" lockItem="true" />
                <add name="CertificateMappingAuthenticationModule" lockItem="true" />
                <add name="UrlAuthorizationModule" lockItem="true" />
                <add name="WindowsAuthenticationModule" lockItem="false" />
                <add name="IISCertificateMappingAuthenticationModule" lockItem="true" />
                <add name="WebMatrixSupportModule" lockItem="true" />
                <add name="IpRestrictionModule" lockItem="true" />
                <add name="DynamicIpRestrictionModule" lockItem="true" />
                <add name="RequestFilteringModule" lockItem="true" />
                <add name="CustomLoggingModule" lockItem="true" />
                <add name="CustomErrorModule" lockItem="true" />
                <add name="FailedRequestsTracingModule" lockItem="true" />
                <add name="CgiModule" lockItem="true" />
                <add name="FastCgiModule" lockItem="true" />
                <!--                <add name="WebDAVModule" /> -->
                <add name="RewriteModule" />
                <add name="OutputCache" type="System.Web.Caching.OutputCacheModule" preCondition="managedHandler" />
                <add name="Session" type="System.Web.SessionState.SessionStateModule" preCondition="managedHandler" />
                <add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule" preCondition="managedHandler" />
                <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="managedHandler" />
                <add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" preCondition="managedHandler" />
                <add name="RoleManager" type="System.Web.Security.RoleManagerModule" preCondition="managedHandler" />
                <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" preCondition="managedHandler" />
                <add name="FileAuthorization" type="System.Web.Security.FileAuthorizationModule" preCondition="managedHandler" />
                <add name="AnonymousIdentification" type="System.Web.Security.AnonymousIdentificationModule" preCondition="managedHandler" />
                <add name="Profile" type="System.Web.Profile.ProfileModule" preCondition="managedHandler" />
                <add name="UrlMappingsModule" type="System.Web.UrlMappingsModule" preCondition="managedHandler" />
                <add name="ConfigurationValidationModule" lockItem="true" />
                <add name="WebSocketModule" lockItem="true" />
                <add name="ServiceModel-4.0" type="System.ServiceModel.Activation.ServiceHttpModule,System.ServiceModel.Activation,Version=4.0.0.0,Culture=neutral,PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler,runtimeVersionv4.0" />
                <add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" preCondition="managedHandler,runtimeVersionv4.0" />
                <add name="ScriptModule-4.0" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler,runtimeVersionv4.0" />
                <add name="ServiceModel" type="System.ServiceModel.Activation.HttpModule, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler,runtimeVersionv2.0" />
                <add name="ApplicationInitializationModule" lockItem="true" />
                <add name="AspNetCoreModule" lockItem="true" />
                <add name="AspNetCoreModuleV2" lockItem="true" />
            </modules>