Force windows authentication and allow anonymous

Question

My idea is to let my family enter the application using their Windows username (just so that they don't have to write it), and using Identity to keep password and other stuff saved into the local MDF database. The problem is that I cannot figure out how to force Windows authentication (so that Context.User.Identity.Name gives me the Windows username) and use that information to login to the Identity database. To create the project, I used the Web Forms template with Individual Accounts as security type and deleted all Owin third-party login packages (Microsoft, Google, etc).
Here's what I've tried:

Default.aspx.cs (my main page that requires authentication)

protected void Page_Load(object sender, EventArgs e)
{
    //According to Identity comments, ApplicationCookie is the AuthenticationType...
    //once logged in through Identity
    if (Context.User.Identity.AuthenticationType != "ApplicationCookie")
        Response.Redirect("Login.aspx", true);
}

Login.aspx.cs

protected void LogIn(object sender, EventArgs e) //login button handler
{
    var manager = Context.GetOwinContext().GetUserManager<UserAdministrator>();
    var signinManager = Context.GetOwinContext().GetUserManager<SessionAdministrator>();

    string windowsName = Context.User.Identity.Name;
    User user = manager.Users.Where(u => u.UserName == windowsName).FirstOrDefault();
    // rest of the login code...
}

web.config (global)

<location path="Login.aspx"> //this should only allow windows logged-in users
  <system.web>
      <authorization>
        <allow users="*" />
        <deny users="?" />
     </authorization>
  </system.web>
</location>
<location path="default.aspx"> // this should only allow Identity-logged in users
  <system.web>
    <authorization>
      <allow users="*" />
      <deny users="?" />
    </authorization>
  </system.web>
</location>

Project properties

• Windows Authentication is set to enabled
• Anonymous Authentication is set to disabled

For some reason, starting up the application and browsing to either default.aspx or login.aspx, doesn't use the Windows authentication, so Context.User.Identity.IsAuthenticated returns false. How can I achieve what I want?

Answer 1

This can be considered to be solved.

I removed the Windows authentication and switched to Forms authentication, and get the Windows username using this code I found (cannot remember who answered a SO question with it):

System.Security.Principal.WindowsPrincipal windowsUser = new System.Security.Principal.WindowsPrincipal(Request.LogonUserIdentity);
Request.LogonUserIdentity.Impersonate();
string username = windowsUser.Identity.Name.Substring(windowsUser.Identity.Name.LastIndexOf("\\") + 1);

Answer 2

Try remove in default.aspx node <allow users="*" />

It will force app to use authentication by denying anonymous