IIS 7 and Above
Windows Authentication, allowing all users when it shouldn't.
Last post Oct 08, 2018 07:02 AM by Terry Peng
Oct 04, 2018 05:48 PM|citnadxela|LINK
Created a site in IIS for certain users to access. The site is using Windows Authentication. In the site, users are added. These users are added should be able to access the site wi/out having to login due to Windows Authentication. That is working,
however, the issue is, anyone that accesses the site is automatically logged in. If a user is not added, they should not be automatically logged in. In my web.config file, this is what I have:
<forms name="website" loginUrl="~/auth/login.aspx" timeout="10000" slidingExpiration="true" cookieless="UseDeviceProfile" defaultUrl="index.aspx"></forms>
<deny users="?" />
If additional details are needed, please let me know. Any help will greatly be appreciated.
Oct 08, 2018 07:02 AM|Terry Peng|LINK
According to your description, It still sounds like that the site are still using anonymous authentication rather windows authentication. I would suggest you create a simple site and use HttpContext.Current.Request.LogonUserIdentity.Name to return the current
If the user account is IUSR account or application pool account, the site do use anonymous. I would suggest you go to Authentication and disable authentications excepts Windows Authentication.
If not, please share us the account information.