0

I have an ASP.NET MVC4 website deployed on IIS with Windows Authentication enabled. My config file has this setting:

<authentication mode="Windows" />
<authorization>
  <deny users="?" />
</authorization>

My understanding is that this will allow me to authenticate without having to type in credentials; i.e. an intranet site.

This works as intended, except for the first page load. When I first access the website, I am directed to the following URL:

http://localhost/SandboxWebsite/login.aspx?ReturnUrl=%2fSandboxWebsite

This is obviously a page that asks for credentials. When I then navigate again to http://localhost/SandboxWebsite/, I am automatically authenticated without having to enter any credentials.

Why is this occurring and how can I prevent it?

2 Answers

3

The problem was that, whilst anonymous access was disabled as a setting, there was no authorisation rule to deny anonymous users. Why this redirected me to Login.aspx I do not know, but I fixed it by adding the following rules.

IIS > MyWebsite > .NET Authorization Rules

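A way to check the rules this answer is about, as an added example that is not part of the original answer: ASP.NET URL authorization applies the first matching rule, local rules before inherited ones, and allows by default, so the script reports for the site root and each `<location>` whether anonymous users (`?`) are actually denied. The sample config is constructed from the question's settings plus a hypothetical `Public` location override; the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's settings plus a hypothetical <location>
# whose allow rule precedes the deny rule and so re-opens that path.
SAMPLE_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  <location path="Public">
    <system.web>
      <authorization>
        <allow users="*" />
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>"""


def anonymous_denied(rules):
    """Walk allow/deny rules in order; the first one matching anonymous wins."""
    for rule in rules:
        users = {u.strip() for u in rule.get("users", "").split(",")}
        if not users & {"?", "*"}:
            continue  # rule does not apply to the anonymous identity
        if rule.tag == "allow":
            return False  # anonymous is let in (for at least some verbs)
        if rule.tag == "deny" and not rule.get("verbs"):
            return True  # unconditional deny for anonymous
    return False  # nothing matched: the default is allow


def audit(config_xml):
    """Report the authentication mode and, per path, whether anonymous is denied."""
    root = ET.fromstring(config_xml)
    auth = root.find("system.web/authentication")
    base = root.findall("system.web/authorization/*")
    report = {"mode": auth.get("mode") if auth is not None else None,
              "/": anonymous_denied(base)}
    for loc in root.findall("location"):
        local = loc.findall("system.web/authorization/*")
        # Location rules are evaluated first, then the inherited root rules.
        report["/" + loc.get("path", "")] = anonymous_denied(local + base)
    return report


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```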


1

John,

this is a long shot but have you tried using an address other than localhost to access the site? It may be that your ASP.NET MVC4 website is expecting a specific domain name/computer name or IP address because of the way it was set up.

You could alter your hosts file to test this out.

Hope this helps. Dorje

1 Comment

Hi Dorje, I actually managed to fix this. I will answer the question myself when I get some time. The input is appreciated though!
