MVC 4.5 Authentication Differences - Individual User Accounts and Windows Authentication (Part 1)

When you create a new web site project using Visual Studio using ASP.NET 4.5 Templates, you have the option to change the authentication used by your web application. I am only going to cover the differences between the Individual User Accounts and Windows authentication in this post.

There is a lot of coverage about when to use the various authentication types already out there, but not the specific differences between the project files. This post starts to cover that.

Starting with a new solution/project (images used are from Visual Studio 2015 Update 1):

Which will bring you to:

Select the ASP.NET Web Application. That will cause this dialog to display:

The default authentication is Individual User Accounts. Change the selection to Windows Authentication.

The included files are very similar to the Individual User Accounts authentication method with the following differences:

\Application Directory\.vs\config\applicationhost.config has the added block:

<location path="MVC4_5">
        <system.webserver="">
            <security>
                <authentication>
                    <windowsauthentication enabled="true">
                    <anonymousauthentication enabled="false">
                </anonymousauthentication>
            </security>
        </system.webserver="">
    </location>

\Application Directory\packages.config removes these references:

• EntityFramework
• Microsoft.AspNet.Identity.Core
• Microsoft.AspNet.Identity.EntityFramework
• Microsoft.AspNet.Identity.Owin
• Microsoft.Owin
• Microsoft.Owin.Host.SystemWeb
• Microsoft.Owin.Security
• Microsoft.Owin.Security.Cookies
• Microsoft.Owin.Security.Facebook
• Microsoft.Owin.Security.Google
• Microsoft.Owin.Security.MicrosoftAccount
• Microsoft.Owin.Security.OAuth
• Microsoft.Owin.Security.Twitter
• Owin

\Application Directory\Application Name.csproj removes various sections relating to the no longer included references above. It changes these elements to mirror the changes made to the \Application Directory\.vs\config\applicationhost.config file:

• XML

  <IISExpressAnonymousAuthentication>disabled</IISExpressAnonymousAuthentication>

• XML

  <IISExpressWindowsAuthentication>enabled</IISExpressWindowsAuthentication>

\Application Directory\Web.config removes these sections relating to the no longer included references above:

• Note: This code has been abbreviated:
  XML

  <configSections>
      <section name="entityFramework" ... />
    </configSections>
    <connectionStrings>
      <add name="DefaultConnection" ... />
    </connectionStrings>

• XML

  <modules>
        <remove name="FormsAuthentication" />
      </modules>

• The <runtime><assemblyBinding><dependentAssembly>'s for Owin
• The entire <entityFramework> element

It changes the <system.web><authentication> mode to Windows.

It adds to the <system.web> element:

• XML

  <authorization>
        <deny users="?" />
      </authorization>

\Application Directory\App_Start\ removes these files:

• IdentityConfig.cs
• Start.Auth.cs

Only the Home Controller is included in the project.

No Models are included in the project.

Only Home and Shared Views are included in the project. The View files have minor differences to accommodate the missing or different Models.