Authentication issue when debugging in VS2013 - iis express

Web Config Windows Authentication Iis Express Visual Studio-2013

Web Config Problem Overview

I'm trying to pick up the windows username when debugging in Visual Studio 2013. I am simply using:

httpcontext.current.user.identity.name

If I run this on my Dev Server it works fine, if I run it in debug mode on any previous version of Visual Studio it also works fine.

My problems is - If i run this on visual studio 2013 I get an empty string.

My web config is as follows.

<system.web>
    <authentication mode="Windows"/>
    <identity impersonate="false"/>
    <authorization>
       <allow users="*"/>
    </authorization>
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0"/>
    <customErrors mode="Off"/>
</system.web>

Web Config Solutions

Solution 1 - Web Config

I had just upgraded to VS 2013 from VS 2012 and the current user identity (HttpContext.User.Identity) was coming through as anonymous.

I tried changing the IIS express applicationhost.config, no difference.

The solution was to look at the properties of the web project, hit F4 to get the project properties when you have the top level of the project selected. Do not right click on the project and select properties, this is something entirely different.

Change Anonymous Authentication to be Disabled and Windows Authentication to be Enabled.

Works like gravy :)

Solution 2 - Web Config

As I was researching this I found my answer, but can't find the answer on the internet, so I thought I'd share this:

I fixed my issue by modifying my applicationhost.config file. My file was saved in the "\My Documents\IISExpress\config" folder.

It seems that VS2013 was ignoring my web.config file and applying different authentication methods.

I had to modify this portion of the file to look like the below. In truth, I only modified the anonymousAuthentication to be false and the windowsAuthentication mode to true.

<authentication>

  <anonymousAuthentication enabled="false" userName="" />

  <basicAuthentication enabled="false" />

  <clientCertificateMappingAuthentication enabled="false" />

  <digestAuthentication enabled="false" />

  <iisClientCertificateMappingAuthentication enabled="false">
  </iisClientCertificateMappingAuthentication>

  <windowsAuthentication enabled="true">
    <providers>
      <add value="Negotiate" />
      <add value="NTLM" />
    </providers>
  </windowsAuthentication>

</authentication>

Solution 3 - Web Config

In Visual Studio 2013 AND VS15 (but i guess if the same for all other version) just press F4 and change this two properties: -Anonymous Authentication: Disable -Windows Authentication: Enable

Solution 4 - Web Config

In VS2013 F4 on your project to view properties window and disable Anonymous access and enable "Windows authentication"

Then it will work. No need to change anything else

Solution 5 - Web Config

VS 2015 changes this. It added a .vs folder to my web project and the applicationhost.config was in there. I made the changes suggested (window authentication = true, anon=false) and it started delivering a username instead of a blank.

Solution 6 - Web Config

Open up the applicationHost.config file located in the C:\Users[userid]\Documents\IISExpress\config folder. Inside this file change the overrideModeDefault of anonymousAthentication and windowsAuthentication to "Allow"

 <sectionGroup name="security">
                <section name="access" overrideModeDefault="Deny" />
                <section name="applicationDependencies" overrideModeDefault="Deny" />
                <sectionGroup name="authentication">
                    <section name="anonymousAuthentication" overrideModeDefault="Allow" />
                    <section name="basicAuthentication" overrideModeDefault="Deny" />
                    <section name="clientCertificateMappingAuthentication" overrideModeDefault="Deny" />
                    <section name="digestAuthentication" overrideModeDefault="Deny" />
                    <section name="iisClientCertificateMappingAuthentication" overrideModeDefault="Deny" />
                    <section name="windowsAuthentication" overrideModeDefault="Allow" />
                </sectionGroup>

Next change lockItem to be "false" for AnonymousAuthenticationModule and WindowsAuthenticationModule

  <system.webServer>
            <modules>
                <!--
                <add name="HttpCacheModule" lockItem="true" />
-->
                <add name="DynamicCompressionModule" lockItem="true" />
                <add name="StaticCompressionModule" lockItem="true" />
                <add name="DefaultDocumentModule" lockItem="true" />
                <add name="DirectoryListingModule" lockItem="true" />
                <add name="IsapiFilterModule" lockItem="true" />
                <add name="ProtocolSupportModule" lockItem="true" />
                <add name="HttpRedirectionModule" lockItem="true" />
                <add name="ServerSideIncludeModule" lockItem="true" />
                <add name="StaticFileModule" lockItem="true" />
                <add name="AnonymousAuthenticationModule" lockItem="false" />
                <add name="CertificateMappingAuthenticationModule" lockItem="true" />
                <add name="UrlAuthorizationModule" lockItem="true" />
                <add name="BasicAuthenticationModule" lockItem="true" />
                <add name="WindowsAuthenticationModule" lockItem="false" />

Making these changes will allow the existing web config settings to override what is in the applicationHost file for IIS Express.

Solution 7 - Web Config

You could also modify the project properties for your web project, choose "Web" from left tabs, then change the Servers drop down to "Local IIS". Create a new virtual directory and use IIS manager to setup your site/app pool as desired.

I prefer this method, as you would typically have a local IIS v-directory (or site) to test locally. You won't affect any other sites this way either.

Web Project Properties

Solution 8 - Web Config

It appears that the right answer is provided by user3149240 above. However, As Neil Watson pointed out, the applicationhost.config file is at play here.

The changes can actually be made in the VS Property pane or in the file albeit in a different spot. Near the bottom of the applicationhost.config file is a set of location elements. Each app for IIS Express seems to have one of these. Changing the settings in the UI updates this section of the file. So, you can either change the settings through the UI or modify this file.

Here is an example with anonymous auth off and Windows auth on:

<location path="MyApp">
    <system.webServer>
        <security>
            <authentication>
                <windowsAuthentication enabled="true" />
                <anonymousAuthentication enabled="false" />
            </authentication>
        </security>
    </system.webServer>
</location>

This is equivalent in the VS UI to:

Anonymous Authentication: Disabled
Windows Authentication: Enabled

Solution 9 - Web Config

F4 doesn't always bring me to this panel. Besides, it is often said that a picture is worth a thousand words.

Content Type	Original Author	Original Content on Stackoverflow
Question	Neil Watson	View Question on Stackoverflow
Solution 1 - Web Config	Toby Simmerling	View Answer on Stackoverflow
Solution 2 - Web Config	Neil Watson	View Answer on Stackoverflow
Solution 3 - Web Config	ThaNet	View Answer on Stackoverflow
Solution 4 - Web Config	James Pressley	View Answer on Stackoverflow
Solution 5 - Web Config	Tom McDonald	View Answer on Stackoverflow
Solution 6 - Web Config	ngiunta	View Answer on Stackoverflow
Solution 7 - Web Config	ScottLenart	View Answer on Stackoverflow
Solution 8 - Web Config	EricksonG	View Answer on Stackoverflow
Solution 9 - Web Config	Weihui Guo	View Answer on Stackoverflow