4

I've been searching for a solution to this headache for quite a long time.

I have a website that I want to deploy to my web server, so I'm using IIS 7 and followed these steps to authenticate logging into it:

1- Open IIS

2- Add Website (with random port number)

3- Set the application pool for it to a specific Identity

4- Disable Anonymous authentication then enable Windows Authentication.

5- Remove "Allow All users" rule

6- Add allow rule for an admin user and give him full control access

When I try to access it, it asks for a username and password, which must be the same user as the one added in step 6.

The problem is that whenever I click OK, the login window keeps popping up and I can't access the website as a result.

I also tried adding a deny rule for anonymous users.

Is there anything that must be added to the web.config file? Do I need to install something or disable something?

Any suggestion is much appreciated.

EDIT: This is the authorization section of my web.config file

<system.web>
  <authentication mode="Windows" />
  <compilation targetFramework="4.5" />
  <httpRuntime targetFramework="4.5" />
  <pages validateRequest="false"></pages>
  <identity impersonate="false" />
  <authorization>
    <allow users="SomeUser" />
    <deny users="*"/>
  </authorization>
</system.web>
Ibrahim Amer

2 Answers

3

After spending hours trying to solve this, I finally figured out the solution:

1- Open IIS

2- Add Website (with random port number)

3- Set the application pool for it to a specific Identity

4- Disable Anonymous authentication then enable Windows Authentication.

5- Remove "Allow All users" rule

6- Add allow rule for an admin user and give him full control access

Note: all previous steps were made using IIS wizard

7- After opening the web.config file I couldn't find any changes after adding the allow rules, so I had to do it manually by adding an <authorization> tag and then adding these rules in the same order (this order is very important, otherwise it won't work)

<authorization>
   <allow users="DOMAIN\UserName" /> <!-- placeholder: the user that you want to give access to -->
   <deny users="*" /> <!-- to deny all other users -->
</authorization>
Ibrahim Amer
  • The steps didn't work for me, but I did find the reason for the problem while following the steps, because it pointed me to another error message. For my specific problem, I had to add user on Security > Login on SQL Server, assign the database to the user as owner. – Auguste Aug 29 '16 at 17:37
2

From MSDN, you need to enable Windows authentication both in IIS and in the ASP.NET application:

Start Internet Information Services (IIS).

Right-click your application's virtual directory, and then click Properties.

Click the Directory Security tab. Under Anonymous access and authentication control, click Edit.

Make sure the Anonymous access check box is not selected and that Integrated Windows authentication is the only selected check box.

In your application's Web.config file or in the machine-level Web.config file, ensure that the authentication mode is set to Windows as shown here.

...
 <system.web>
  ...
  <authentication mode="Windows"/>
  ...
 </system.web>
  • Enabling Windows authentication on IIS so that IIS authenticates the user.
  • Adding a setting to your web.config so that ASP.NET knows what authentication provider to use. In this case, ASP.NET uses the Windows authentication provider to set the value of the current User property to a WindowsIdentity based on the credentials supplied by IIS.

Also check for authorization:

The rules are checked from top to bottom, and checking stops at the first matching rule. Therefore, you should specify allow before deny. Example:

<authorization>
  <allow users="John"/>
  <deny users="*"/>
</authorization>
Khanh TO
  • can't find "Anonymous access and authentication control" I went to my website directory->right click->properties->Security tab – Ibrahim Amer Jul 06 '15 at 13:12
  • @Ibrahim Amer: did you see a screen like this: http://stackoverflow.com/questions/24971287/asp-net-mvc4-user-identity-name-getting-empty-even-though-set-authentication-mod/24971567#24971567 – Khanh TO Jul 06 '15 at 13:13
  • @Ibrahim Amer: that's what you were looking for in `can't find "Anonymous access and authentication control" I went to my website directory->right click->properties->Security tab` – Khanh TO Jul 06 '15 at 13:36
  • @Ibrahim Amer: Did you use IE? http://stackoverflow.com/questions/12517127/windows-authentication-not-working-in-iis-7-5 – Khanh TO Jul 06 '15 at 13:48
  • still not working... what about the order of Authorization rules ? – Ibrahim Amer Jul 06 '15 at 13:57
  • @Ibrahim Amer: it matters. Try putting `allow` first, `deny` after – Khanh TO Jul 06 '15 at 13:57
  • I believe this may be the solution, but it won't allow me to do this; the deny rule always comes before the allow rule!! – Ibrahim Amer Jul 06 '15 at 14:05
  • @Ibrahim Amer: the rules are executed from top to bottom and stopped at first matching rule. You should specify `allow` before `deny` – Khanh TO Jul 06 '15 at 14:06
  • Do you mean in web.config file ? – Ibrahim Amer Jul 06 '15 at 14:07
  • @Ibrahim Amer: yes: https://msdn.microsoft.com/en-us/library/wce3kxhd(v=vs.140).aspx – Khanh TO Jul 06 '15 at 14:08
  • still can't get this part "Adding a setting to your web.config so that ASP.NET knows what authentication provider to use. In this case, ASP.NET uses windows authentication provider to set the value of the current User property to a WindowsIdentity based on the credentials supplied by IIS." – Ibrahim Amer Jul 07 '15 at 20:33
  • @Ibrahim Amer: in this question http://stackoverflow.com/questions/24971287/asp-net-mvc4-user-identity-name-getting-empty-even-though-set-authentication-mod/24971567#24971567 , you see that there is a property `User.Identity`, this is set by ASP.NET windows authentication provider based on credentials supplied by IIS . IIS does the real windows authentication for you and just passes the credentials to ASP.NET, we enable this property so that ASP.NET uses the appropriate provider that understands the credentials from IIS and sets the `User` property accordingly. – Khanh TO Jul 08 '15 at 02:31
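
The first-match ordering described in both answers, as an added example (not code from the original posts): a small Python model of how a `<system.web>` `<authorization>` section is evaluated, which also flags `<allow>` rules made unreachable by an earlier `<deny users="*">`. The sample sections are constructed, name matching is assumed to be case-insensitive, and the `verbs` attribute is not modelled beyond skipping verb-restricted denies.

```python
import xml.etree.ElementTree as ET

# Constructed <authorization> sections; "John" is the sample user from the answer.
ALLOW_FIRST = '<authorization><allow users="John"/><deny users="*"/></authorization>'
DENY_FIRST = '<authorization><deny users="*"/><allow users="John"/></authorization>'


def _names(rule, attr):
    """Comma-separated attribute value as a lowercase list."""
    return [n.strip().lower() for n in rule.get(attr, "").split(",") if n.strip()]


def _matches(rule, user, roles):
    users = _names(rule, "users")
    if "*" in users:                 # "*" covers everyone, anonymous included
        return True
    if user is None:                 # anonymous request: only "?" matches
        return "?" in users
    if user.lower() in users:        # assumption: names compare case-insensitively
        return True
    return any(r.lower() in _names(rule, "roles") for r in roles)


def evaluate(section_xml, user, roles=()):
    """Return (decision, index of the deciding rule); the first matching rule wins."""
    rules = [r for r in ET.fromstring(section_xml) if r.tag in ("allow", "deny")]
    for index, rule in enumerate(rules):
        if _matches(rule, user, roles):
            return rule.tag, index
    # Nothing matched here: evaluation continues in inherited config, where the
    # machine-level default is <allow users="*"/>.
    return "allow", None


def shadowed_allows(section_xml):
    """Indexes of <allow> rules placed after a blanket <deny users="*">, which never fire."""
    rules = [r for r in ET.fromstring(section_xml) if r.tag in ("allow", "deny")]
    blocked, dead = False, []
    for index, rule in enumerate(rules):
        if rule.tag == "deny" and "*" in _names(rule, "users") and "verbs" not in rule.attrib:
            blocked = True
        elif rule.tag == "allow" and blocked:
            dead.append(index)
    return dead


if __name__ == "__main__":
    for label, section in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        print(label, evaluate(section, "John"), evaluate(section, "Mary"),
              "shadowed:", shadowed_allows(section))
```

Running `shadowed_allows` over a deployed site's section is a quick way to confirm that every `<allow>` entry is actually reachable before tightening the final deny rule.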