I am creating a new MVC application and trying to set up Windows authentication but when I attempt to log in it denies me.
I don't think this is related to IIS Express or my browsers as I have other MVC applications using Windows Authentication that work fine. After looking at the trade logs it appears it is attempting to connect via Anonymous Authentication which baffles me because if have this in my web.config:
<authentication mode="Windows"/>
In my project properties I have also enabled Windows Authentication and disabled Anonymous Authentication.
I'm not sure what other info to include so let me know if more is needed. Losing my mind here, please help.
UPDATE: Closer but still not working, Removing the following from my web config fixed my Anonymous Authentication issue:
<authorization>
</authorization>
However now in my stack trace I see the following lines that do not appear in my other working Windows authentication apps:
AspNetAppDomainEnter Data1="/LM/W3SVC/45/ROOT-1-130825677814817784" 14:36:37.272
AspNetStartHandler Data1="ASP.global_asax", Data2="Start" 14:36:37.272
AspNetPipelineEnter Data1="System.Web.Security.WindowsAuthenticationModule" 14:36:37.272
AspNetPipelineLeave Data1="System.Web.Security.WindowsAuthenticationModule"
And this is the error I get:
ModuleName ManagedPipelineHandler
Notification EXECUTE_REQUEST_HANDLER
HttpStatus 401
HttpReason Unauthorized
HttpSubStatus 0
ErrorCode The operation completed successfully.
(0x0)
ConfigExceptionInfo
Not really sure what they mean at this point but it seems like they may be related to my problem some how.
UPDATE: My remaining issue appears to be something specific to the active directory groups I am using. Users do not seem to be in the roles I have in my FilterConfig so I am being denied access, when I remove all filter roles I get in.
RESOLVED: For completeness I will add what fixed my authorization issue. For some reason there was a problem adding multiple Roles in my FilterConfig like so:
filters.Add(new HandleErrorAttribute());
filters.Add(new System.Web.Mvc.AuthorizeAttribute() { Roles = Auth.ROLE1 });
filters.Add(new System.Web.Mvc.AuthorizeAttribute() { Roles = Auth.ROLE2 });
filters.Add(new System.Web.Mvc.AuthorizeAttribute() { Roles = Auth.ROLE3 });
But when I created a roll-up group and added them all within AD to that group, then just authorized the single group like so:
filters.Add(new HandleErrorAttribute());
filters.Add(new System.Web.Mvc.AuthorizeAttribute() { Roles = Auth.ALL_ROLES });
It fixed my authorization issue.
