Tag Archives: quirks

ASP.NET MVC 3 Windows Authentication problem – redirects to Account/Login

ASP.NET MVC 3 has its quirkiness here and there. Sometimes it’s a lack of support for something, and other times it’s downright buggy.

An issue I came across recently, is something to do with Windows Authentication. There’s a lot of resource on the web on how to run ASP.NET MVC with Windows Authentication. There’s even a project template, the Intranet site, which ships with MVC 3. It should be a no-brainer!

The issue I came across, prevented ASP.NET from using Windows Authentication. Even though I had set authentication mode to Windows in Web.config:

<authentication mode="Windows" />
<authorization>
  <deny users="?" />
</authorization>

And disabled anonymous authentication on the website in IIS – it always redirected all requests to /Account/Login, as if it was using some sort of default Forms Authentication.

This coursed a server error – the dreaded Yellow Screen of Death, since I didn’t have a login form on my site, I had no controller/action for Account/Login.

Known issue

After searching the web for a while, I came across the release notes on the ASP.NET MVC website. At the bottom, there’s a section called ‘Known issues‘, and one of the last issues reads:

There’s a known issue that causes Forms Authentication to always redirect unauthenticated users to ~/Account/Login, ignoring the forms authentication setting used in Web.config. The workaround is to add the following app setting.

      <add key="autoFormsAuthentication" value="false" />

And much to my disappointment, this didn’t do the trick! Long story short, it turned out that I needed another setting as well, as pointed out in the comment of this Stackoverflow question:

<add key="enableSimpleMembership" value="false"/>

After adding the magic settings to my Web.config, everything worked as it should – and Windows Authentication on ASP.NET MVC is now a no-brainer!