2

I have 2 projects in the solution, a console app and the MVC project. The console app will fire a request to http://localhost:68220/MyMvcArea/MyMvcController/MyMvcMethod. The MyMvcMethod is decorated with [Authorized] attribute in the MVC controller.

Debugging was OK in Visual Studio 2010 and 2012 with the development server using Windows Authentication mode. Now that I'm trying out Visual Studio 2013 with the same solution, I'm getting a 401 - Unauthorized response.

I enabled Windows Authentication for my MVC project in both the global applicationhost.config file and in the project properties. I can access the method in a browser, but the console app still gets a 401 response. The console app is also running under my Windows account, as I can verify in the Task Manager.

Does anyone know how to get around this? I only need this to work for debugging with IIS Express in Visual Studio.

Edit:

I've checked the IIS Express log, the sub-status code is 2. So according to MSDN, 401.2 refers to "Logon failed due to server configuration".

2
  • I may be missing the point, but the job of the Authorized attribute is to not let anonymous users execute the controller. I'm very surprised to hear that it worked in VS 2010 / VS 2012 - makes me think you might be having a security hole. Commented Nov 13, 2013 at 23:37
  • You are right zespri. I was wrong about the anonymous part. The web.config file of the project didn't have any authentication settings so I assumed that it was using anonymous mode. After some fiddling around, I realized that it was using Windows authentication by default. I've updated my question to reflect this. Commented Nov 13, 2013 at 23:49

2 Answers

4

I had the same issue. The short workaround is to allow Windows Authentication in IIS Express: "\Documents\IISExpress\config\applicationhost.config"

Change

<windowsAuthentication enabled="false">

To

<windowsAuthentication enabled="true">

As detailed here: Authentication issue when debugging in VS2013 - iis express


1 Comment

Actually my global config file already had it set to enabled: <windowsAuthentication enabled="true"> <providers> <add value="Negotiate" /> <add value="NTLM" /> </providers> </windowsAuthentication>
1

I found a workaround for this problem. When creating the web request in the Windows service, I need to explicitly set the credential:

request.Credentials = CredentialCache.DefaultNetworkCredentials;

However, we never needed to do this in VS2012; this looks a bit like a bug to me in the new version of IIS Express now.

Edit: The above line is needed before each request is sent to the server, for example:

var request = (HttpWebRequest)WebRequest.Create(url);
request.Credentials = CredentialCache.DefaultNetworkCredentials;
request.BeginGetResponse(AsyncResponseCallback, state);

2 Comments

Where did you place this in an MVC application?
I should have been more specific about the location of the code. You need to do it before sending your request to the server, on the client side. I have edited the answer to reflect this.
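
A diagnostic client for the workaround above, added here as an example and not code from either answer: it sends the request once without credentials to print the schemes the server offers in its 401, then again with the current Windows identity scoped to that one origin and to the Negotiate and NTLM providers quoted in the comment. The class name `AuthProbe` and the `Send` helper are assumptions; the URL is the one from the question.

```csharp
using System;
using System.Net;

class AuthProbe   // hypothetical name, not from the original post
{
    // Sends one GET and returns the HTTP status; on an error status, prints the WWW-Authenticate challenges.
    static HttpStatusCode Send(Uri url, ICredentials credentials)
    {
        var request = (HttpWebRequest)WebRequest.Create(url);
        request.Credentials = credentials;   // null: the client never attempts authentication
        request.AllowAutoRedirect = false;   // do not follow a redirect to a different host
        try
        {
            using (var response = (HttpWebResponse)request.GetResponse())
                return response.StatusCode;
        }
        catch (WebException ex)
        {
            var response = ex.Response as HttpWebResponse;
            if (response == null) throw;     // connection-level failure, there is no HTTP status to report
            using (response)
            {
                // GetValues returns null when the server sent no WWW-Authenticate header at all
                string[] offered = response.Headers.GetValues("WWW-Authenticate") ?? new string[0];
                Console.WriteLine("  offered schemes: " + (offered.Length == 0 ? "(none)" : string.Join(", ", offered)));
                return response.StatusCode;
            }
        }
    }

    static void Main(string[] args)
    {
        // URL from the question; pass a different one as the first argument
        var url = new Uri(args.Length > 0 ? args[0] : "http://localhost:68220/MyMvcArea/MyMvcController/MyMvcMethod");

        Console.WriteLine("Without credentials:");
        Console.WriteLine("  status: " + (int)Send(url, null));

        // Limit the Windows identity to this origin and to the two integrated schemes
        var origin = new Uri(url.GetLeftPart(UriPartial.Authority));
        var cache = new CredentialCache();
        cache.Add(origin, "Negotiate", CredentialCache.DefaultNetworkCredentials);
        cache.Add(origin, "NTLM", CredentialCache.DefaultNetworkCredentials);

        Console.WriteLine("With default credentials scoped to " + origin + ":");
        Console.WriteLine("  status: " + (int)Send(url, cache));
    }
}
```

A 401 on the first request and a 200 on the second means the server side is configured correctly and only the client was withholding credentials.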
