Using Windows Authentication with IIS Express 7.5

By default my installation of IIS Express (I think it was done through the Microsoft Web Platform Installer) had all the available authentication methods set to Deny.
When I first started using this I set anonymous and windows authentication to Allow as these were specified in the various web.config files of the applications I was working with.

However when it came to running a site that was using windows authentication, HttpContext.Current.User.Identity.Name was returning blank instead of a login name. It turns out that this is because anonymous authentication was being used in preference to windows authentication.

So, how can you change the configuration of IIS Express when there is no GUI to do this?
That’s easy – you just edit \My Documents\IISExpress\config\applicationhost.config
I struggled to find any documentation that describes how you can edit this though, specifically I just wanted to disable anonymous authentication for 1 particular site.

In the end I did the following:
In Visual Studio 2010, view the properties for the project (click the project, press F4) and set Windows Authentication: Enabled.
edit applicationhost.config – at the end of the document should be something like this:

<location path="YourSiteName">
    <system.webServer>
       <security>
           <authentication>
               <windowsAuthentication enabled="true" />
           </authentication>
       </security>
    </system.webServer>
</location>

Now add

<anonymousAuthentication enabled="false" />

in the authentication section, and that's it. IIS Express should now behave the way you want it to and you will be able to access user details obtained by windows authentication.

One Reply to “Using Windows Authentication with IIS Express 7.5”

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA - answer the question below to prove you are human *