I currently am using Forms Authentication for the members site I've built. However, I have created a CMS that I want internal folks to access via the Admin Area I created. For the Admin Area I would like to use Windows Authentication instead. I'm using IIS Express in my dev environment. I have my Admin/CMS controller decorated like this
[Authorize(Roles = @"ECR")]
public class CMSController : Controller
I've tried adding <authentication mode="Windows" />
to the Web.config system.web section in Areas/Admin.
When I try logging into the Admin/CMS area it just bounces me back to my loginUrl set in the tag of my project level Web.config. If I'm logged in it just bounces me to the homepage.
I have read a few articles on setting up Windows Authentication with IIS Express and found the suggestion to turn off "Anonymous Authentication" in the properties of the web project. I did this and Admin/CMS worked properly, allowing me in if I'm part of the group and denying me if I'm not. However, turning off Anonymous Authentication breaks my Forms Authentication section of my site. Since that worked, I tried to turn off anonymous authentication in my Areas/Admin/Web.config via the system.webServer section using:
<security>
<authentication>
<anonymousAuthentication enabled="false" />
</authentication>
</security>
without success.
What am I doing wrong here? Thank you