Search code examples
asp.net-mvcauthenticationforms-authenticationasp.net-mvc-5

Why is my MVC5 App prompting me for Windows Auth when I removed Windows Auth?

I have a MVC 5 application which was previously using AD to authenticate. I have removed the settings for windows authentication and added code to manually authenticate against a database of users.

The problem is that the AD authentication window continues to pop up and I am required to enter valid credentials to visit any form. This is not desired, expected, or in code anywhere I can find.

I have no Authorization tags on any method controllers. I have no security placed on any forms yet, no any allow or deny configuration settings. I cannot figure out why the AD authentication window is popping up for every form and why if I click cancel I cannot visit any of my forms without it popping up again.

config file:

<authentication mode="Forms">
  <forms name=".ASPXAUTH" loginUrl="~/Account/Login" timeout="300" slidingExpiration="true" protection="All" />
</authentication>

I've looked at my controllers, views, and global/statup .cs files. Nothing is showing me a clue right now.

I can show any code snippets, but I'm not sure what is relevant at this point.

Below is my applicationhost.config file for the IISExpress settings, and it also appears to be correctly set up...

   <authentication>

        <anonymousAuthentication enabled="true" userName="" />

        <basicAuthentication enabled="false" />

        <clientCertificateMappingAuthentication enabled="false" />

        <digestAuthentication enabled="false" />

        <iisClientCertificateMappingAuthentication enabled="false">
        </iisClientCertificateMappingAuthentication>

        <windowsAuthentication enabled="false">
            <providers>
                <add value="Negotiate" />
                <add value="NTLM" />
            </providers>
        </windowsAuthentication>

    </authentication>

    <authorization>
        <add accessType="Allow" users="*" />
    </authorization>
Solution

  • at the very bottom (line 1050) of the applicationhost.config file was the following data with windowsAuthentication enabled="true" set. After changing that to false I was no longer bothered with the Windows login prompt.

    <location path="myapp">
    <system.webServer>
        <security>
            <authentication>
                <anonymousAuthentication enabled="false" />
                <windowsAuthentication enabled="false" />
            </authentication>
        </security>
    </system.webServer>
</location>

    The file was located in the solution root folder followed by .vs\config

    This post helped point me in the direction of checking that file as well as PankajKapare's comment about IIS Express.

    Thanks for the help.