Can't login to website using windows authentication IIS
Solution 1
After spending hours trying to solve this finally I figured out the solution
1- Open IIS
2- Add Website (with random port number)
3- Set the application pool for it to a specific Identity
4- Disable Anonymous authentication then enable Windows Authentication.
5- Remove "Allow All users" rule
6- Add allow rule for an admin user and give him full control access
Note: all previous steps were made using IIS wizard
7- After opening the web.config file I can't find any changes after adding allow rules, so I had to do it manually by adding an <authorization> tag then adding these rules in the same order (this order is very important, otherwise it won't work)
<authorization>
  <!-- replace USER_TO_ALLOW with the user that you want to give access -->
  <allow users="USER_TO_ALLOW" />
  <deny users="*" /> <!-- to deny all other users -->
</authorization>
Solution 2
From MSDN, you need to enable windows authentication both in IIS and ASP.NET application:
Start Internet Information Services (IIS).
Right-click your application's virtual directory, and then click Properties.
Click the Directory Security tab. Under Anonymous access and authentication control, click Edit.
Make sure the Anonymous access check box is not selected and that Integrated Windows authentication is the only selected check box.
In your application's Web.config file or in the machine-level Web.config file, ensure that the authentication mode is set to Windows as shown here.
...
<system.web>
...
<authentication mode="Windows"/>
...
</system.web>
- Enabling windows authentication on IIS so that IIS authenticates the user.
- Adding a setting to your web.config so that ASP.NET knows what authentication provider to use. In this case, ASP.NET uses windows authentication provider to set the value of the current User property to a WindowsIdentity based on the credentials supplied by IIS.
Also check for authorization:
The rules are checked from top to bottom and stopped at first matching rule. Therefore, you should specify allow before deny. Example:
<authorization>
<allow users="John"/>
<deny users="*"/>
</authorization>
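The first-match behaviour both answers rely on, as an added example that is not part of the original answers: a small Python evaluator for the `users` attribute of `<allow>`/`<deny>` rules, run over the same two rules in both orders. The `CONTOSO\alice` account and the sample fragments are constructed; `roles` and `verbs` are ignored, name matching is assumed case-insensitive, and a request that matches no rule is assumed to fall through to an inherited default that allows all users.

```python
import xml.etree.ElementTree as ET

def config(rules):
    # Constructed sample fragment; only the <authorization> rule order varies.
    return ('<system.web><authentication mode="Windows"/><authorization>'
            + rules + '</authorization></system.web>')

ALLOW = r'<allow users="CONTOSO\alice"/>'   # constructed account name
DENY_ALL = '<deny users="*"/>'
ALLOW_FIRST = config(ALLOW + DENY_ALL)      # order recommended in the answers
DENY_FIRST = config(DENY_ALL + ALLOW)       # reversed order: nobody gets in

def load_rules(xml_text):
    """Return [(action, [user, ...]), ...] in document order."""
    authz = ET.fromstring(xml_text).find(".//authorization")
    rules = []
    for el in (authz if authz is not None else []):
        if el.tag in ("allow", "deny"):
            users = [u.strip().lower() for u in el.get("users", "").split(",")]
            rules.append((el.tag, [u for u in users if u]))
    return rules

def matches(users, user):
    # "*" matches everyone, "?" matches anonymous requests (user=None).
    if "*" in users:
        return True
    return "?" in users if user is None else user.lower() in users

def is_allowed(xml_text, user):
    """First matching rule decides; later rules are never consulted."""
    for action, users in load_rules(xml_text):
        if matches(users, user):
            return action == "allow"
    return True  # assumption: inherited default rule allows all users

def unreachable_rules(xml_text):
    """Rules placed after a catch-all users="*" rule can never match."""
    rules = load_rules(xml_text)
    for i, (_, users) in enumerate(rules):
        if "*" in users:
            return rules[i + 1:]
    return []

if __name__ == "__main__":
    for name, cfg in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        print(name, is_allowed(cfg, r"CONTOSO\alice"), unreachable_rules(cfg))
```

`unreachable_rules` doubles as a quick lint: any rule it returns is dead configuration that should be moved above the catch-all or removed.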
Ibrahim Amer
Updated on June 04, 2022
Comments
-
Ibrahim Amer almost 2 years
I've been searching for a solution for this headache for quite a long time.
I have a website that I want to deploy to my web server, so I'm using IIS 7 and followed these steps to authenticate logging into it:
1- Open IIS
2- Add Website (with random port number)
3- Set the application pool for it to a specific Identity
4- Disable Anonymous authentication then enable Windows Authentication.
5- Remove "Allow All users" rule
6- Add allow rule for an admin user and give him full control access
When I try to access it, it asks for a username and password, which must be the same user as the one added in step 6.
The problem is whenever I click OK the login window keeps popping up and I can't access the website as a result.
I also tried to add a deny rule for anonymous users.
Is there anything that must be added to the web.config file or something? Do I need to install something or disable something?
Any suggestion is much appreciated.
EDIT: This is my web.config file authorization section
<system.web>
  <authentication mode="Windows" />
  <compilation targetFramework="4.5" />
  <httpRuntime targetFramework="4.5" />
  <pages validateRequest="false"></pages>
  <identity impersonate="false" />
  <authorization>
    <allow users="SomeUser" />
    <deny users="*"/>
  </authorization>
</system.web>
-
Ibrahim Amer almost 9 years
can't find "Anonymous access and authentication control" I went to my website directory->right click->properties->Security tab
-
Khanh TO almost 9 years
@Ibrahim Amer: did you see a screen like this: stackoverflow.com/questions/24971287/…
-
Khanh TO almost 9 years
@Ibrahim Amer: that's what you were looking for in "can't find "Anonymous access and authentication control" I went to my website directory->right click->properties->Security tab"
-
Khanh TO almost 9 years
@Ibrahim Amer: Did you use IE? stackoverflow.com/questions/12517127/…
-
Ibrahim Amer almost 9 years
still not working... what about the order of Authorization rules?
-
Khanh TO almost 9 years
@Ibrahim Amer: it matters. Try putting allow first, deny after
-
Ibrahim Amer almost 9 years
I believe this may be the solution but it won't allow me to do this, the deny rule always came before the allow rule!!
-
Khanh TO almost 9 years
@Ibrahim Amer: the rules are executed from top to bottom and stopped at first matching rule. You should specify allow before deny
-
Ibrahim Amer almost 9 years
Do you mean in web.config file?
-
Khanh TO almost 9 years
@Ibrahim Amer: yes: msdn.microsoft.com/en-us/library/wce3kxhd(v=vs.140).aspx
-
Ibrahim Amer almost 9 years
still can't get this part "Adding a setting to your web.config so that ASP.NET knows what authentication provider to use. In this case, ASP.NET uses windows authentication provider to set the value of the current User property to a WindowsIdentity based on the credentials supplied by IIS."
-
Khanh TO almost 9 years
@Ibrahim Amer: in this question stackoverflow.com/questions/24971287/…, you see that there is a property User.Identity, this is set by ASP.NET windows authentication provider based on credentials supplied by IIS. IIS does the real windows authentication for you and just passes the credentials to ASP.NET, we enable this property so that ASP.NET uses the appropriate provider that understands the credentials from IIS and sets the User property accordingly.
-
Auguste over 7 years
The steps didn't work for me, but I did find the reason for the problem while following the steps, because it pointed me to another error message. For my specific problem, I had to add user on Security > Login on SQL Server, assign the database to the user as owner.