IIS7: Setup Integrated Windows Authentication like in IIS6

52
votes

This is for IIS 7 on a Windows Server 2008 that is not part of an AD domain. I would like to password protect a website, where people have to enter a username/password (a windows account for example) to view the website. The website would then use its own authentication method (forms) to handle user accounts and decide whether or not to show member specific pages, etc.

With IIS6, we just disabled anonymous access and enabled integrated windows authentication. IIS7 behaves differently and when I enter the windows username/password to view the site, the site comes up fine but redirects to the login page. Once I log in, the site behaves naturally. I need to be able to navigate the site without logging in with the website credentials.

I don't think enabling anonymous access would make sense here since I want access to the website to be password protected (popup username/password dialog when you first navigate to the url).

Any help is appreciated!

5
authenticationiis-7windows-authentication

5 Answers

69
votes

To enable the Windows Authentication on IIS7 on Windows 7 machine:

  • Go to Control Panel

  • Click Programs >> Programs and Features

  • Select "Turn Windows Features on or off" from left side.

  • Expand Internet Information Services >> World Wide Web Services >> Security

  • Select Windows Authentication and click OK.

  • Reset the IIS and Check in IIS now for windows authentication.

Enjoy

10
votes

Two-stage authentication is not supported with IIS7 Integrated mode. Authentication is now modularized, so rather than IIS performing authentication followed by asp.net performing authentication, it all happens at the same time.

You can either:

  1. Change the app domain to be in IIS6 classic mode...
  2. Follow this example (old link) of how to fake two-stage authentication with IIS7 integrated mode.
  3. Use Helicon Ape and mod_auth to provide basic authentication
6
votes

Configure IIS7 for windows authentication in Windows Server 2008

See this link:

http://www.iis.net/ConfigReference/system.webServer/security/authentication/windowsAuthentication

Enjoy this post :-)

0
votes

So do you want them to get the IE password-challenge box, or should they be directed to your login page and enter their information there? If it's the second option, then you should at least enable Anonymous access to your login page, since the site won't know who they are yet.

If you want the first option, then the login page they're getting forwarded to will need to read the currently logged-in user and act based on that, since they would have had to correctly authenticate to get this far.

-1
votes

There's another thread elsewhere on Stack with a similar topic and the best solution I've come across is to use the free version of Helicon Ape

Once you've got that installed, follow the steps at the page Titled "HTTP Authentication and Authorization"