How To Enable Windows Authentication When Using IISExpress

Back in early October, my employer temporarily assigned me to a project to replace an existing Access-based application. After initial meetings with the client, it was decided that an ASP.NET MVC 4 and SQL Server 2008 solution would be the best way to deliver what the client was looking for while also removing many of the rough edges from the legacy application. One thing I like about building intranet applications is that your client has standardized on a particular browser. In this case it is IE8+. Since the users of the web application will all be connected to the client’s Active Directory, we decided to use that for authentication. I would have liked to also manage roles/groups through AD as well, but that was shot down.

Fast forward to the end of December and my employer has hired a new resource to take over the work. The new resource downloads all the source code on to his freshly re-paved laptop, opens up Visual Studio 2012 and attempts to start the application. The code builds fine, the web browser pops up, and then an exception with the following message is thrown:

Trust relationship between the primary domain and trusted domain failed

By default, IISExpress has Windows Authentication turned off. To turn it on, we need to add the following code to the bottom of the “\My Documents\IISExpress\config\applicationhost.config” file.

   1:  <location path="MyWebsite">
   2:      <system.webServer>
   3:          <security>
   4:              <authentication>
   5:                  <anonymousAuthentication enabled="false" />
   6:                  <windowsAuthentication enabled="true" />
   7:              </authentication>
   8:          </security>
   9:      </system.webServer>
  10:  </location>

Now, you will need to change the path attribute on the location element to match the name of your website. In this case, my website’s URL is “http://localhost:5439/MyWebsite/”. Next you can tweak the authentication elements to work the way you need them to. In this case, I only want authenticated users to allowed access to the website.

Once these changes were made on the new resources laptop, he was up and running. This occupied some of my time the other day to figure out what was going on and this blog post is here to serve as a reminder to me and maybe other people who are having the same issue.

Leave a Reply

Your email address will not be published. Required fields are marked *