1

I have two machines:

  1. Windows 2008 - for Active Directory
  2. Windows 7 - installed with IIS7, it also serves as development machine. Note that this PC is not member of the domain.

I tried Forms Authentication and it's working fine with this configuration in my web.config:

<connectionStrings>
    <add name="ADConn" connectionString="LDAP://192.168.0.21" />
</connectionStrings>

<membership defaultProvider="ADMembership">
  <providers>
    <add name="ADMembership"
         type="System.Web.Security.ActiveDirectoryMembershipProvider"
         connectionStringName="ADConn"
         connectionUsername="dominic"
         attributeMapUsername="sAMAccountName"
         connectionPassword="p@ssw0rd" />
  </providers>
</membership>

Now I want to change from Form to Windows Authentication. My questions are:

  1. What configurations do I need to add in Web.Config to enable Windows Authentication?
  2. What configurations should be done in IIS to enable Windows Authentication?
  3. Do I need to configure Windows Firewall?
  4. When logging in using Windows Authentication, what should be my username? Is it "192.168.0.21\dominic" or "dominic"?
  5. Did I miss to ask any question?

I tried many tutorials today but it's either giving me 403 or it's not accepting my username and password. If you know any complete step-by-step tutorial, please let me know.

Improve this question
4
  • I think you might struggle to get Windows Authentication working on a machine that is off the domain. Is this a Web or Intranet app? Commented Dec 4, 2013 at 15:07
  • Intranet... What would be the problem if the PC is not in a domain? Commented Dec 4, 2013 at 15:28
  • 1
    I stand corrected it should make no difference. Full details are here iis.net/configreference/system.webserver/security/… Commented Dec 4, 2013 at 15:38
  • Thanks. Ill read it later. I should have used IIS as keyword when I was searching. Commented Dec 4, 2013 at 16:13

1 Answer 1

Reset to default
2

After days of research, it turns out that IIS at least, should be a member of the domain. The client does not necessarily be a member of the domain.

In the Web.Config, all I need to add is:

<authentication mode="Windows" />
<authorization>
  <allow users="*"/>
  <deny users="?" />
</authorization>

Connection string and membership are not necessary.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.