ASP.NET MVC 3 Windows Authentication problem – redirects to Account/Login

ASP.NET MVC 3 has its quirkiness here and there. Sometimes it’s a lack of support for something, and other times it’s downright buggy.

An issue I came across recently has to do with Windows Authentication. There are a lot of resources on the web on how to run ASP.NET MVC with Windows Authentication. There’s even a project template, the Intranet site, which ships with MVC 3. It should be a no-brainer!

The issue I came across prevented ASP.NET from using Windows Authentication, even though I had set the authentication mode to Windows in Web.config:

<authentication mode="Windows" />
<authorization>
  <deny users="?" />
</authorization>

I had also disabled anonymous authentication on the website in IIS, yet it always redirected all requests to /Account/Login, as if it was using some sort of default Forms Authentication.

This caused a server error – the dreaded Yellow Screen of Death – since I didn’t have a login form on my site and had no controller/action for Account/Login.

Known issue

After searching the web for a while, I came across the release notes on the ASP.NET MVC website. At the bottom, there’s a section called ‘Known issues’, and one of the last issues reads:

There’s a known issue that causes Forms Authentication to always redirect unauthenticated users to ~/Account/Login, ignoring the forms authentication setting used in Web.config. The workaround is to add the following app setting.

      <add key="autoFormsAuthentication" value="false" />

And much to my disappointment, this didn’t do the trick! Long story short, it turned out that I needed another setting as well, as pointed out in a comment on this Stack Overflow question:

<add key="enableSimpleMembership" value="false"/>

After adding the magic settings to my Web.config, everything worked as it should – and Windows Authentication on ASP.NET MVC is now a no-brainer!
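The check below is an added example, not code from the original post or from ASP.NET: it audits a Web.config for the Windows Authentication setup described above and reports which of the two app settings is missing or not set to false. The function name and the two sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# The two app settings named in the post; both must be "false".
REQUIRED_FALSE = ("autoFormsAuthentication", "enableSimpleMembership")

def audit_web_config(xml_text):
    """Return a list of findings; an empty list means the config matches the post."""
    root = ET.fromstring(xml_text)
    findings = []

    auth = root.find("system.web/authentication")
    mode = auth.get("mode") if auth is not None else None
    if mode != "Windows":
        findings.append("authentication mode is %r, expected 'Windows'" % mode)

    # <deny users="?" /> is the rule that rejects anonymous users.
    denied = [d.get("users", "") for d in root.findall("system.web/authorization/deny")]
    if not any("?" in [u.strip() for u in users.split(",")] for users in denied):
        findings.append('no <deny users="?" /> rule: anonymous users are not denied')

    # AppSettings lookups are case-insensitive, so compare keys in lower case.
    settings = {a.get("key", "").lower(): a.get("value", "")
                for a in root.findall("appSettings/add")}
    for key in REQUIRED_FALSE:
        value = settings.get(key.lower())
        if value is None:
            findings.append("appSettings key %r is missing" % key)
        elif value.strip().lower() != "false":
            findings.append("appSettings key %r is %r, expected 'false'" % (key, value))
    return findings

# Constructed sample: the configuration from the post before the workaround.
BEFORE = """<configuration>
  <system.web>
    <authentication mode="Windows" />
    <authorization><deny users="?" /></authorization>
  </system.web>
</configuration>"""

# Constructed sample: the same file with both app settings added.
AFTER = BEFORE.replace("<system.web>", """<appSettings>
    <add key="autoFormsAuthentication" value="false" />
    <add key="enableSimpleMembership" value="false" />
  </appSettings>
  <system.web>""", 1)

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_web_config(text) or "OK")
```
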

  • Dirk van Bergen

    Thanks! This is exactly what we needed to solve :)

  • http://www.facebook.com/dlarionov Denis Larionov

    Thank you for this post!

  • Vinca

    Dude. That truly is magic.  I’m building an intranet site that was working fine, until I tried to build out a blog, then something happened where I got the dreaded redirect to Account/Login.  This added piece of config code did the trick.  Thanks!

  • AlfB

    Hi and thanks for posting this. It’s always helpful to have guys that share their experiences.

  • Igal Shkolnik

    Thanks

  • Igal Shkolnik

    Thanks !
    Unfortunately it was hard to get to that trick…

  • Mit

    Thank you very much you saved my day

  • sfico

    Hi Martin, Thanks a lot

  • Cking27

    Thanks Martin for posting.

  • Burak TARHANLI

    Thank you so much.

  • http://www.milkshakecommerce.com/ecommerce-blog Martin H. Normark

    You’re very welcome. Glad it helped you out!

  • http://www.facebook.com/ravinesh.r Ravinesh Ram

    This post was helpful... but if I wanted to create a log out button for Windows authentication in ASP.NET MVC, is there a way this could be done?

  • http://www.milkshakecommerce.com/ecommerce-blog Martin H. Normark

    As far as I know, there’s no way to do that.

    You can’t log the user out of windows, and the Windows Authentication token will always be there to read.

  • srikanth

    Thanks.. it helped me a lot.. I was struggling with this prob..

  • disqus_COT88cS1jV

    Thank you very much Martin.
    I have spent at least three hours for this.

  • jlb_us

    I humbly bow to your greatness. Thanks for posting this!!!!

  • Herb

    Thank you. Really want to shake my finger at some Microsoft Developers though. Still there in latest MVC 4.

  • Marta Muniesa

    Many thanks for posting this! I really didn’t know how to solve this problem!

    Marta Muniesa
    IT Consultant @ Trentia Consulting

  • Rahul Reddy

    Thanks, it’s very good… and similarly, how can I go for forms authentication?

  • Russ Sonny Ward

    Thank you Martin. You just saved my night!

  • http://martinnormark.com/ Martin H. Normark

    Approve—
    Sent from Mailbox