Checklist for setting up Windows Authentication in EPiServer on a development machine
Sep 03, 2010
If you want to skip the long descriptions and prefer a list then simply skip to the list at the bottom of the page.
I was setting up windows authentication for an EPiServer site on my development machine. The requirement was simple: have a windows authenticated site, with no anonymous access and therefore no log in. It was a fairly new build and I'd not used the windows membership and role providers before on this particular machine. There turned out to be quite a few steps in the end so I thought I'd write about them here. All steps are designed for Windows 7 / IIS7.x but can easily be replicated on previous versions of Windows.
1. I enabled the providers and switched to windows authentication in web.config:
2. Next up was IIS configuration. Go to IIS > [Your site] > Authentication > Ensure "Windows Authentication" is enabled. Disable any other forms of authentication:
If Windows Authentication is not an option then ensure that windows integrated authentication is enabled as a feature in IIS. Go to Control Panel > Programs > Turn Windows features on or off > Internet Information Services > World Wide Web Services > Security > Windows Authentication and check it if its not already checked:
3. I remembered I needed to set the site up as being on the local intranet to ensure the Windows Authentication headers are sent when you try to access the site. This done in Internet Options available from Control Panel > Network and Internet > Internet Options or from IE > Tools > Internet Options. Once there go to Security > Local intranet > Sites > Advanced and add your local name:
4. However after all of this I was still getting prompted for my log in credentials. Even worse was the fact that even after putting the correct credentials in I wasn't being let in. So after a bit of digging I found a knowledge base article that solved the problem. It turns out I needed to hack the registry to enable integrated windows authentication on my own machine. Follow the instructions described in the article: http://support.microsoft.com/kb/896861/en-us
Steps to enable Windows authentication for an EPiServer site on a development machine:
- Enable Windows membership and role providers in web.config
- Enable Windows authentication in IIS and disable anonymous authentication
- Add the site to the "Local intranet" list of sites in Internet Options
- Ensure that the machine allows Windows Integrated authentication using a local loopback address by following the steps here: http://support.microsoft.com/kb/896861/en-us