To enable Windows Authentication within an ASP.NET application, you should
make sure that you have “Integrated Windows Authentication” (formerly called
NTLM authentication) enabled within IIS for the application you are building.
You should then add a web.config file to the root directory of your ASP.NET
application that contains an <authentication> section which sets the mode
to “Windows”.
You should also then add an <authorization> section to
the same web.config file that denies access to “anonymous” users visiting the
site. This will force ASP.NET to always authenticate the incoming browser
user using Windows Authentication – and ensure that from within code on the
server you can always access the username and Windows group membership of the
incoming user.
The web.config file below demonstrates how to configure both
steps described above:

    <configuration>
      <system.web>
        <authentication mode="Windows" />
        <authorization>
          <deny users="?"/>
        </authorization>
      </system.web>
    </configuration>

Note that the <deny users="?"/> directive within the
<authorization> section above is what tells ASP.NET to deny access to the
application to all “anonymous” users of the site (the “?” character means
anonymous user). This forces Windows to authenticate the user, and
ensures that the username is always available from code on the server.
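
A way to check a web.config for the two settings described above, as an added example that is not part of the original article. It relies on ASP.NET applying the first authorization rule that matches, so an <allow users="*"/> placed before the <deny users="?"/> lets anonymous users in. The function names and the two weakened sample files are constructed for illustration, and <location> overrides and parent configuration files are not examined.

```python
import xml.etree.ElementTree as ET

# Constructed samples: PAGE_CONFIG is the file shown above, the others are weakened variants.
PAGE_CONFIG = """<configuration><system.web>
  <authentication mode="Windows" />
  <authorization><deny users="?"/></authorization>
</system.web></configuration>"""
ALLOW_FIRST = """<configuration><system.web>
  <authentication mode="Windows" />
  <authorization><allow users="*"/><deny users="?"/></authorization>
</system.web></configuration>"""
FORMS_OPEN = """<configuration><system.web>
  <authentication mode="Forms" />
</system.web></configuration>"""

def anonymous_verdict(authz):
    """Return the tag of the first <allow>/<deny> rule that applies to an anonymous user, or None."""
    for rule in (authz if authz is not None else []):
        users = [u.strip() for u in rule.get("users", "").split(",")]
        if rule.tag not in ("allow", "deny") or not {"?", "*"} & set(users):
            continue  # rule does not mention anonymous ("?") or all users ("*")
        if rule.tag == "deny" and rule.get("verbs"):
            continue  # a verb-limited deny leaves the other HTTP verbs open
        return rule.tag
    return None

def audit_web_config(xml_text):
    """Return a list of findings; an empty list means both settings are in place."""
    web = ET.fromstring(xml_text).find("system.web")
    if web is None:
        return ["no <system.web> section"]
    findings = []
    auth = web.find("authentication")
    mode = auth.get("mode") if auth is not None else None
    if mode != "Windows":
        findings.append("authentication mode is %r, expected 'Windows'" % mode)
    # Rules are evaluated top to bottom and the first match wins.
    if anonymous_verdict(web.find("authorization")) != "deny":
        findings.append("anonymous users are not denied by the first matching rule")
    return findings

if __name__ == "__main__":
    for name, text in [("page", PAGE_CONFIG), ("allow-first", ALLOW_FIRST), ("forms", FORMS_OPEN)]:
        print(name, audit_web_config(text) or "OK")
```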