I have a project where Windows Authentication and Forms login are required. I came across OWIN Mixed Authentication which seems to meet my requirements.
Before implementing into my own project I tried running the sample solution from the source link.
I debugged the solution using IIS Express and when I entered my credentials into the windows authentication dialog my correct credentials where found in the logonUserIdentity
variable.
But when I set up a local IIS site add set the following feature delegation property as stated in the readme file:
Authentication - Windows to Read/Write
When I entered my credentials into the windows authentication dialog NT AUTHORITY\IUSR is coming through in the logonUserIdentity
variable instead of the username I entered in the dialog.
I feel this happening because AllowAnonymous is enabled on the IIS site but its needed to stop a login loop that occurs because of the CookieAuthentication
within the Startup.Auth
class.
How should I be setting up my IIS site so that the windows credential dialog passes through the entered credentials and not NT AUTHORITY\IUSR.
My IIS site binding was set to http://projectname
When I changed the binding on the IIS site to http://localhost or http://pcname it was allowing me to pass through the correct windows credentials.