0

I have a .NET web application which is configured with anonymous authentication. I would like to gate access to this application using Windows AD Domain Authentication. Is there any way that this can be accomplished without changing the application code?

I just want to turn on some form of authentication using the IIS Manager or changing an IIS configuration file and have it check the Windows AD Domain.

Right now, if I disable Anonymous Authentication and turn on Windows Authentication, I get a redirect loop followed by a 404.15 error complaining about a URL length overflow:

https://127.0.0.1:443/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl%253D%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FLogin%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAccount%2525252525252525252525252525252525252FLogin%2525252525252525252525252525252525253FReturnUrl%2525252525252525252525252525252525253D%252525252525252525252525252525252525252FAccount%252525252525252525252525252525252525252FLogin%252525252525252525252525252525252525253FReturnUrl%252525252525252525252525252525252525253D%25252525252525252525252525252525252525252F

Oh! And the server is running Windows Server 2022 Datacenter with IIS 10. Thanks.

Tripp Kinetics
  • 5,178
  • 2
  • 23
  • 37
  • You will need to make application changes. – Joel Coehoorn Jun 07 '23 at 15:31
  • You will have to figure out why those redirects are happening. It seems like Forms Authentication is enabled, but if not, then the application must be doing that redirect. – Gabriel Luci Jun 07 '23 at 23:32
  • Also note that changing the authentication method in IIS Manager will change the web.config file of the application. That's how the settings are saved. – Gabriel Luci Jun 07 '23 at 23:32
  • Maybe you need to modify part of the code, refer to this answer: https://stackoverflow.com/a/28487447/20058276. This answer is similar to your situation. – TengFeiXie Jun 08 '23 at 09:42

0 Answers0