Why is my ASP.NET MVC Application requesting Windows Authentication?

Question

I've been building a ASP.NET MVC application and using forms authentication. In my controller action I have:

[Authorize(Users = "me,joe")]

that has been working great. Last night when I published the newest changes and attempt to view my website it started popping up a Windows Authentication dialog box. I've looked at all my code and cannot figure out WHY it would change to Windows authentication. My web.config file has not changed in at least 10 days. If I run the code from my dev box it does not do this...only when it is run from my host. And if I remove the Authorize line from my controller action it does not happen.

How can I fix this or how can I debug my solution to see why this is happening?

BTW, my web.config says:

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>

Answer 1

I'm just shooting in the dark, but do you have an <identity> setting in your web.config?

 <system.web>
    ...   
    <identity impersonate="true"/>
    ...
 </system.web>

If so, it might help to remove this line. It might also help to ask your hosting provider why Windows Authentication is suddenly being applied to your web site. As others have mentioned there are IIS settings which could be causing this behavior.

Answer 2

I think you need to set the permissions for IUSER, IWAM

Using the Windows Explorer browse to the folder you are wanting to grant permissions. Right click on the folder and select "properties". In the resulting dialog click on the "Security" tab near the top. You can then add or edit security for these accounts (IUSR_machineName, IWAM_macnineName, and ASPNET).

Answer 3

This is most likely do to IIS settings for authentication and permissions on the website's folder on the web server. I would check both of those before anything else.