Setting the Authentication tag to Windows does not enable Windows authentication for a Web application (814900)


The information in this article applies to:

  • Microsoft Visual C# .NET (2002)
  • Microsoft Visual Basic .NET (2002)
  • Microsoft ASP.NET (included with the .NET Framework) 1.0
  • Microsoft Visual C# .NET (2003)
  • Microsoft ASP.NET (included with the .NET Framework 1.1)
  • Microsoft Visual Basic .NET (2003)
  • Microsoft Visual C# 2005, Express Edition

SUMMARY

The comment in the Web.config file that is generated for a Web-based project for the Authentication tag states that setting the attribute to Windows enables Windows authentication for the Web application. When you access the Web application, you expect that a Windows authentication challenge is generated. However, this challenge is not displayed.

CAUSE

The Windows authentication challenge is not generated because the Anonymous Access option is enabled by default in the Internet Information Server (IIS) settings for the particular Web application. IIS uses the user credentials that are specified for the Anonymous access option to authenticate any user for the Web application.

STATUS

This behavior is by design.

WORKAROUND

Clear the Anonymous access option for this particular Web application, or for a particular Web page. To make appropriate settings, follow these steps:
  1. Click Start, click Run, type inetmgr in the Open text box, and then click OK.
  2. In Internet Information Services (IIS) Manager Microsoft Management Console (mmc), on the left pane, expand the computer node, expand the Web Sites node, and then expand the Default Web Site node.
  3. Right-click the virtual directory that you created for your Web application, and then click Properties.
  4. Click the Directory Security tab, and then click Edit under Anonymous access and authentication control.
  5. Click to clear the Anonymous access option.

MORE INFORMATION

Steps to Reproduce the Problem

  1. In Visual Studio .NET or in Visual Studio 2005, create a Visual C# ASP.NET Web Application.
  2. Notice the Authentication tag that is generated in the Web.config file. The mode attribute of the tag is set to Windows.
  3. Drag a Textbox and a Button control from the toolbox to the design view of the html page.
  4. Double-click the button to add the event handler for the click event.
  5. Copy the following code to the event handler that was generated in the earlier step:
    this.TextBox1.Text = "This is just a sample string to be displayed";
  6. Build the Web application.
  7. Using another computer, try to access the Web application that you have created.
  8. You expect the Web application to throw an authentication challenge. However, the Web page is displayed.
Modification Type:MajorLast Reviewed:1/5/2006
Keywords:kbide kbprb KB814900 kbAudDeveloper kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.