Search code examples
c#asp.net-mvcauthenticationwindows-authentication

Keeps being prompted for credentials

What I did so far:

  1. Created the website with this web.config (this is just the settings part, not the entire file :) )

    <appSettings>
<add key="webpages:Version" value="3.0.0.0"/>
<add key="webpages:Enabled" value="false"/>
<add key="ClientValidationEnabled" value="true"/>
<add key="UnobtrusiveJavaScriptEnabled" value="true"/>
<add key="autoFormsAuthentication" value="false"/>
<add key="enableSimpleMembership" value="false"/>
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.6.2"/>
<httpRuntime targetFramework="4.6.2"/>
<authentication mode="Windows"></authentication>
<authorization>
  <deny users="?"/>
</authorization>
</system.web>

  2. Created a controller:

    [Authorize(Users = @"myPcName\myUserName,skynet\Simple")]
public class AuthenController : Controller
{
    [Authorize(Users = @"myPcName\myUserName")]
    public ActionResult ForAdministrator()
    {
        return View();
    }
    [Authorize(Users = @"myPcName\Simple")]
    public ActionResult ForUser()
    {
        return View();
    }
}

I got my credentials by : cmd -> whoami

  1. I published my mvc site in release mode to c:\inetpub\wwwroot\backoffice

  2. in IIS: enter image description here

  3. I even added my site to Local intranet in intranet options, and also: enter image description here

it just keeps prompting me again and again for credentials:

enter image description here

Solution

  • just to try to help anyone who bumps into this question: what I did that solved the problem was: click the project in VS. press F4 to go to properties Set "Anonymus Authentication" as Disabled

    in web.config:

    <authentication mode="Windows"></authentication>
<authorization>
  <allow users="*" />
</authorization>

    and in your controller:

        [Authorize(Users = @"pcName\user")]
    public ActionResult ForAdministrator()
    {
        return View();
    }

    // Authorization with windows authentication (user)
    [Authorize(Users = @"pcName\user")]
    public ActionResult ForUser()
    {
        return View();
    }

    where pcName is the name of your pc (not the WORKGROUP!)

    In that way you can control who is allowed (since Anonymus Authentication is disabled).

    Hope it helps someone. Rotem