IIS7.5 and MVC 2 : Implementing HTTP(S) security

Posted by Program.X on Stack Overflow See other posts from Stack Overflow or by Program.X
Published on 2010-04-20T08:38:20Z Indexed on 2010/04/20 8:43 UTC
Read the original article Hit count: 195

Filed under:
|
|

This is my first ASP.NET MVC application, and my first on an IIS 7.x installation whereby I have to do anything over and above the standard.

I need to enforce Windows authentication on the /Index and /feeds/xxx.svc pages/services. In ASP.NET Web Forms, I would apply the Windows permissions on the files and remove Anonymous authentication in IIS 6. This needs to work over HTTP/S, but don't worry about that, that's in hand.

What happens in MVC/IIS 7?

I have tried modifying the permissions on the /Index.aspx view, which seems to block access. It asks me for a username/password, but does not grant access when I enter a valid username/password. Pressing Escape gives me an exception "*Access to the path 'E:\dev\xxx\xxx.ConsultantRegistration.Web.Admin\Views\ConsultantRegistration\index.aspx' is denied. *", which does get sent as a 401.

So although the username/password does exist on the Index.aspx view, I can't use those credentials to access said view.

I have in my web.config:

What am I missing?

© Stack Overflow or respective owner

Related posts about asp.net-mvc

Related posts about security