Mixing Forms and Windows Security in ASP.NET

0
votes

I am having trouble using Mixed Forms Authentication and Windows Security.

I am not too familiar with IIS and security. I found this article today:

https://msdn.microsoft.com/en-us/library/ms972958.aspx#mixedsecurity_topic5

I first started by adding an authentication mode to my web.config file:

<authentication mode="Forms">
        <forms loginUrl="~/Login"></forms>
      </authentication>

the tutorial above says my loginURL should be WinLogin.aspx, I guess this is where my confusion starts.

As in the tutorial above it states the following:

Using the IIS Manager, right-click the WinLogin.aspx file, click Properties, and then go to the File Security tab to edit the authentication and access control for this single file. Then simply un-check Enable anonymous access and check Integrated Windows authentication.

I don’t see WinLogin.aspx in my IIS Manager.

My question is, do I need to create a site in my IIS Manager and create a WinLogin.aspx file my project?

I am using MVC, so if I add my project to IIS, do I follow the same steps for WinLogin.aspx but for my Login Controller file? LoginController.cs ? I am very confused on this subject.

Thanks,

1
asp.netiiswindows-authenticationwindows-securitymixed-authentication

1 Answers

0
votes

According to the tutorial, you'll need two files, WebLogin.aspx and WinLogin.aspx. WinLogin.aspx just exists to test the Integrated Windows Authentication, otherwise users would login via WebLogin.aspx. The tutorial for WinLogin.aspx should be in the source code for the article (linked to at the top of the article).

Instead of WebLogin.aspx, you can provide a route to your MVC login page.