MVC Web Api won’t allow Windows Authentication

by

I have a simple MVC web api 2 IIS hosted application which I want to enable windows authentication (initially not using Owin). I am running this on my development machine and running as local IIS.

So, from what I could find, I need to add the following to the web.config

1: to the following section the authentication mode=”Windows” 

<system.web>
  <compilation debug="true" targetFramework="4.5.1"/>
  <httpRuntime targetFramework="4.5.1"/>
  <authentication mode="Windows" />
</system.web>

2: Then add the following

<system.webServer>
  <security>
    <authentication>
      <windowsAuthentication enabled="true"/>
    </authentication>
  </security>

When I add the above and run the application (in debug from Dev studio), I get the following error

HTTP Error 500.19 – Internal Server Error

Config Error This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault=”Deny”), or set explicitly by a location tag with overrideMode=”Deny” or the legacy allowOverride=”false”.

and then it specifically points to this web config entry

Config Source:

37:     <authentication>
38:       <windowsAuthentication enabled="true"/>
39:     </authentication>

Anyone have any ideas why I would be getting this?

Also, I noticed when I switch to IIS express, that in the project properties, the Windows Authentication is set to disabled, and grayed out so I cannot set it here either.

Thanks in advance for any help!

Contents hide
Answers:
Method 1

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

If you read applicationHost.config, you will see that authentication related sections are locked down and cannot be overridden in web.config,

<section name="windowsAuthentication" overrideModeDefault="Deny" />

Thus, you need to specify that in applicationHost.config, instead of web.config. Both IIS and IIS Express have such restriction.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x