Microsoft KB Archive/814900

= Setting the Authentication tag to Windows does not enable Windows authentication for a Web application =

Article ID: 814900

Article Last Modified on 12/11/2006

-

APPLIES TO


 * Microsoft Visual C# .NET 2002 Standard Edition
 * Microsoft Visual Basic .NET 2002 Standard Edition
 * Microsoft ASP.NET 1.0
 * Microsoft Visual C# .NET 2003 Standard Edition
 * Microsoft ASP.NET 1.1
 * Microsoft Visual Basic .NET 2003 Standard Edition
 * Microsoft Visual C# 2005 Express Edition

-



SUMMARY
The comment in the Web.config file that is generated for a Web-based project for the Authentication tag states that setting the attribute to Windows enables Windows authentication for the Web application. When you access the Web application, you expect that a Windows authentication challenge is generated. However, this challenge is not displayed.



CAUSE
The Windows authentication challenge is not generated because the Anonymous Access option is enabled by default in the Internet Information Server (IIS) settings for the particular Web application. IIS uses the user credentials that are specified for the Anonymous access option to authenticate any user for the Web application.



STATUS
This behavior is by design.



WORKAROUND
Clear the Anonymous access option for this particular Web application, or for a particular Web page. To make appropriate settings, follow these steps:
 * 1) Click Start, click Run, type inetmgr in the Open text box, and then click OK.
 * 2) In Internet Information Services (IIS) Manager Microsoft Management Console (mmc), on the left pane, expand the computer node, expand the Web Sites node, and then expand the Default Web Site node.
 * 3) Right-click the virtual directory that you created for your Web application, and then click Properties.
 * 4) Click the Directory Security tab, and then click Edit under Anonymous access and authentication control.
 * 5) Click to clear the Anonymous access option.



Steps to Reproduce the Problem
 In Visual Studio .NET or in Visual Studio 2005, create a Visual C# ASP.NET Web Application. Notice the Authentication tag that is generated in the Web.config file. The mode attribute of the tag is set to Windows. Drag a Textbox and a Button control from the toolbox to the design view of the html page. Double-click the button to add the event handler for the click event.  Copy the following code to the event handler that was generated in the earlier step: this.TextBox1.Text = &quot;This is just a sample string to be displayed&quot;;  Build the Web application.</li> Using another computer, try to access the Web application that you have created.</li> You expect the Web application to throw an authentication challenge. However, the Web page is displayed.</li></ol>

Keywords: kbide kbprb KB814900

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.