Introduction
I have spent hours and hours getting my intranet website working using Windows authentication, but I just couldn't get it to work. All I got was the error message "You do not have permission to view this directory or page".
I had added an AD connectionstring
to the web.config, added a membership provider section and tried all options including configuring an AD connectionUsername
and Password
, but it still didn't work.
Eventually, I found the solution and it's oh so simple!!
Background
Windows Server 2012 and higher, by default, are extremely secure. Everything you need on the server you have to install, activate or configure.
One thing you do not have to configure (if you are working on an Intranet site and everything is available within one domain) is your connection to the AD (Active Directory) server. So we don't need the membership provider section nor the AD connectionstring
in the web.config!
But then, why is it that I was still unauthorized!
Well, it turns out all that's left to do is grant access to the installation path of your website to the "Authenticated Users" group and then you're good to go!
Using the Code
In your web.config, within the <system.web>
tag, you need to add the following:
<system.web>
...
<authentication mode="Windows">
</authentication>
<authorization>
<deny users="?" />
</authorization>
...
</system.web>
On the server, find the installation path of you web application (e.g. C:\inetpub\wwwroot\YourApp).
Go to the properties of that folder --> security tab and add the local "Authenticated Users" group.
Finally, grant the "Authenticated Users" group right to Read & execute, List folder contents and Read.
For example: