IIS express applicationhost.config security is reset every time a solutions is opened in VS2012

10
votes

I have an MVC4 application been developed in VS2012 that uses forms authentication.

[authentication mode="Forms"]
  [forms loginUrl="~/Account/Login" timeout="2880" /]
[/authentication]

It's using the default IIS 8.0 Express.

Every time I open and run the app from within the VS I got the message:

HTTP Error 401.2 - Unauthorized

You are not authorized to view this page due to invalid authentication headers.

I found out that to avoid this screen I have to change to 'true' the anonymousAuthentication and windowsAuthentication keys of the Security section of the applicationhost.config file at the [User Documents]\IISExpress\config folder to:

[system.webServer]
  [security]
    [authentication]
      [anonymousAuthentication enabled="true" /]
      [windowsAuthentication enabled="true" /]
    [/authentication]
  [/security]
[/system.webServer]

But every time I reopen the solution in VS the keys are reset to false.

How can I make then permanently set to true?

I've tried to put those key in the application's web.config but then I receive the message:

HTTP Error 500.19 - Internal Server Error

The requested page cannot be accessed because the related configuration data for the page is invalid.

Any help folks?

3
securityvisual-studio-2012windows-authentication
You saved my day! I was giving up with IIS express and your comment about applicationhost.config solved my problem.eddo

3 Answers

17
votes

If the problem is that Visual Studio updates the two settings in the applicationhost.config when opening the solution, you can solve it by selecting the Project in the Solution Explorer, view the Properties pane (available when you're not in debug mode) and set to Enabled the two items Anonymous Authentication and Windows Authentication.

By the way, in my case the parameter generating the 401.2 error was just Anonymous Authentication, you might want to try to leave the default one for Windows Authentication.

(PS, your post solved the problem for the 401.2 and really saved my day so many thanks for it!)

2
votes

You can edit IIS authentification modes by changing

  1. iis properties in \My Documents\IISExpress\config\applicationhost.config

  2. project properties in visual studio

The second option is your answer.

A full answer with screenshots is already on stackoverflow : https://stackoverflow.com/a/7168308/2988788

0
votes

You can usually use your windows account with your domain being your pc name and your windows account/password. For example pc-name\username also adding IISUSR as an account on your security settings.