MVC4 Windows Authentication Redirect to Account/Login

3
votes

I am setting up Windows Authentication in an MVC 4 application using Visual Studio 2013 and using the IIS Express Development Server. However, I get redirected to /Account/Login (as if I were using forms authentication).

I have no reference to WebMatrix in my bin folder (or anywhere) as described here: ASP.NET MVC3 and Windows Auth on IIS keeps redirecting to /Account/Login.

I have added these entries to appSettings in the web.config as suggested by this post: MVC5 Redirects to Login.aspx when using Windows Authentication

<add key="autoFormsAuthentication" value="false" />
<add key="enableSimpleMembership" value="false"/>

Here is what I have done so far:

Added windows authentication to system.web.

<authentication mode="Windows"/>

Added the [Authorize] attribute to my controller. I have also tried using the authorization tag in the web.config instead of the attribute on the controller (deny users="?"). The results are the same.

For the Development Server settings in my project I changed these settings:

Anonymous Authentication = Disabled

Windows Authentication = Enabled

I can find no reference to FormsAuthentication. I can't figure out why it still redirects to a non-existent login page.

1
asp.net-mvc-4redirectvisual-studio-2013windows-authentication
Please check if this applicable in your case: stackoverflow.com/questions/24745311/…Mike Guthrie

1 Answers

10
votes

When the project was created it may have been done using a template that added Startup.Auth in the App_Start folder in your project. (The default template uses Individual User Accounts if you did not change it to windows authentication as the Authentication method in the create new ASP.Net Project dialog)

Try commenting out these lines if they are present 

   app.CreatePerOwinContext(ApplicationDbContext.Create);
   app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);


   app.UseCookieAuthentication(new CookieAuthenticationOptions
   {
      AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
      LoginPath = new PathString("/Account/Login"),
      Provider = new CookieAuthenticationProvider
      {
          OnValidateIdentity =  SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
               validateInterval: TimeSpan.FromMinutes(30),
               regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
      }
  });

  app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

Or if you have not added anything to this file you could remove it completely and the call to it 

        ConfigureAuth(app);

found in the startup.cs in the root of the project

Now most of the account controller is no good to use if this case so be prepared to clean that up also.

This line is important and correct in the web config

<authentication mode="Windows"/>

these lines are probably not directly related to the issue and can be removed

<add key="autoFormsAuthentication" value="false" />
<add key="enableSimpleMembership" value="false"/>

The other development settings are also correct.