MVC2 Active Directory Authentication

Question

I'm trying to add Active Directory authentication to a help desk system that was built years ago. Gradually, we'll be upgrading the whole system. I'm starting by creating an MVC2 application that will host the login, and then my plan is to bring current functionality into the MVC as we also add new features.

But the login is the base of the whole thing. We need auditing, so we need to know who's in the system.

I've read articles, other stackoverflow posts, and followed a couple MS walkthroughs to the letter. I was able to get it working as an ASP website, but when it's an MVC application, I can't seem to get it. The ASP application required adding extensive methods, and everything I read makes it sound like MVC should be much simpler.

Here are my IIS settings and the mods I've made to my web.config:

IIS Authentication

• Anonymous: Disabled
• ASP.NET Impersonation: Disabled
• Forms: Enabled

• Windows: Disabled

  ... ...
  

I keep getting the following error:

HTTP Error 401.2 - Unauthorized You are not authorized to view this page due to invalid authentication headers.

End goal is to authenticate the user at the home page. If they can't be authenticated, force the login.

EDIT: Enabled Anonymous Authentication

I enabled Anonymous Authentication to see if any underlying errors might be the source of the problem. I got the following error:

The container specified in the connection string does not exist.

It's finding the error in the definition of MyADMembershipProvider .

<add name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" />

I changed my connection string to the following:

<add name="ADConnectionString" connectionString="LDAP://server.domain.com"/>

That did successfully redirect to the login page, but it didn't authenticate me automatically. And when I set Anonymous to Disabled again, I was back to the original error.

I think I'm missing some essential knowledge here that I'm not getting from the materials I'm reading.

EDIT: Authentication not working at all

I thought it might be worth adding that authentication isn't working at all. MembershipService.ValidateUser always returns false.

Answer 1

I think the solution is in the Authentication type. Originally, I was using the following:

IIS Authentication

• Anonymous: Disabled
• ASP.NET Impersonation: Disabled
• Forms: Enabled
• Windows: Disabled

And in my Web.config file I was using Forms authentication. Apparently for Active Directory authentication, the type has to be Windows.

Original:

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>

Revised:

<authentication mode="Windows" />

<authorization>
  <deny users="?" />
</authorization>

I know this worked, but since I'm new to MVC, I could still be missing something.