windows and anonymous authentication on IIS 7.5, allow auto login for internal and manual login for external

c# iis-7.5 authentication mixed-authentication
ssq picture ssq · Sep 4, 2012 · Viewed 8.4k times · Source

Scenario:

  • https asp/asp.net website running of IIS 7.5 (windows server 2008)
  • IIS currently configured to allow anonymous authentication and forms authentication ,asp.net impersonation are disabled while windows authentication is not installed (I understand that windows authentication needs to installed for this.)
  • a single custom login page for both internal and external users

Requirment:

  • Internal users seamlessly login while capturing their LOGON name (window authentication)
  • External users (not on domain) should be prompted a manual login

Questions:

  • What approach can be used to implement this?
  • Looking for the IIS 7.5 and web.config settings

Approaches Found:

  1. make 2 pages within 1 website, winlogin and weblogin(front page). Allow windows auth=true and anonymous auth=false on winlogin.aspx and vice versa on weblogin.aspx user with a ip hits weblogin, if ip is known redirect to winlogin to capture logon and redirect to weblogin if the ip is unknown
  2. have winlogin.aspx as the main page and redirect 401 errors to weblogin.aspx

Answer

Wiktor Zychla picture Wiktor Zychla · Sep 4, 2012

This is how to configure IIS for integrated authentication.

http://netpl.blogspot.com/2012/06/iis-75-integrated-security-with-no.html

This will make your site available for intranet users WITHOUT the prompt for credentials.

Note that this also works for web users. A built-in web browser window is displayed as a result of HTTP 401. A user provides his/her credentials and is in.

If you rather want to show your custom web form as a result of 401 (unauthorized), you'd have to trick the browser a little:

http://www.codeproject.com/Articles/11202/Redirecting-to-custom-401-page-when-quot-Access-de

This way you can redirect an unauthorized response to a web form of your choice (for example, to show an asp.net login form).

Although the integrated authentication can be easily configured, prepare for a lot of experiments when setting up your mixed (integrated/forms) authentication. Things change with every version of IIS; also IIS7 behaves differently if a pool is in classic vs integrated mode.

Related questions

An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode

I Installed DotNetOpenAuth SDK-3.4.5.10201.vsix and I can't get it working. It works locally (when I run as localhost) but when i try to publish it ain't working. The IIS error message I get is Error Summary HTTP Error 500.22 - …

Read More
HTTP 404 Page Not Found in Web Api hosted in IIS 7.5

I have a Web Api application. It works perfectly well when I tested it using the VS 2010 debugging dev server. But I now deployed it to IIS 7.5 and I am getting a HTTP 404 error when trying to access the application. …

Read More
The client and server cannot communicate, because they do not possess a common algorithm - ASP.NET C# IIS TLS 1.0 / 1.1 / 1.2 - Win32Exception

I have an issue with a C# PayTrace Gateway. The below code was working fine until yesterday when I believe they turned off SSL3 due to the Poodle Exploit. When running the code below we got the following message. The …

Read More