Windows Authentication In ASP.NET


Here I will explain a real time scenario of how windows authentication works. Before that I'll explain what authentication is. The answer is simply "to authenticate the users to access for my website/application." How is it done in ASP.NET Not everyone can access (Anonymous) my application, since it is a web application. Security is essential to my web application.

So what are all the ways to authenticate the users to access the application? Please don't confuse this with types of authentication.

Here are the ways to authenticate users to access the application.

  1. Check with windows directory (Windows Authentication)
  2. Check with Database (Forms Authentication- not for all case)
  3. Check with common service provider (Passport Authentication)

Windows Authentication

I am going to explain only Windows authentication. But before that you  should have knowledge about Windows directory. What is Windows directory? In real tim scenario, you have to enter your username and password to access the system in your college Lab/Library. If you enter some other name which is not valid it means you can not log in to the system. How it works is, in your college they normally maintain student details in a common directory called "windows directory." for example my name is "vetri," the password is "vetri;"  they are created like that. When I access the system I have to use the above credentials.

I hope you have a clear picture of what is the windows directory is. In real time, if I am going to create the web application which is used to enter student details in the college, I can go for windows authentication for this requirement, because when students access the application they can log in to  the application with their windows credentials (when you log in to the system, you have entered username and password).

Please refer to the following simple steps to create the windows authentication application.

Step 1:
Open Visual Studio -> New Website -> Select your language C#/VB.Net -> ASP.NET Empty Web Site -> Enter the application name as "Sample_Windows_Auth" ->Select"OK".

Step 2: Add one web form to the website by right click on the website and select Add -> Webform1.aspx

Add Webform

After that Set WebForm1.aspx is "Set as Start Page" by right clicking on that page and choosing the option.

Step 3: Select Web.Config file from the solution explorer and add the following piece of code under <System.Web>,

  1. <authentication mode="Windows">   
  2. </authentication>  
Step 4: Open IIS Server. Open Run -> type integer. before that please make sure the IIS server is installed in your Computer. If not please install the IIS by the following way and restart your Computer.

Goto Control Panel -> Programs and Features -> select Turn Windows Features On or Off from the Left cornor.

Off from

Select Internet Information Services -> World Wide Web select all the types from it. then click Ok. once it is applied please restart your Computer to make sure IIS has been installed in your Computer.

After Install, Open the IIS.

Step 5: After open the IIS server click Sites -> Default Web Site -> configure our application under it.

add application

After there will be pop up windows open to select our application.

pop up windows

Alias: Name can be user defined, not application name dependent. We can give any name.

Application Pool: It is a separate topic. Select the app pool which is should run in ASP.NET Framework4.0. if you select Application pool, you will be having "DefaultAppPool," else you can create the separate pool in the application pool where the above of "Sites" option as below.


Once you have created it then you can map the app pool with your application.

Physical Path: browse and select where your application is stored in your computer. Then select "Ok".

Step 6: Select your application in the IIS. You can see a lot of options in the right panel, you need to select 'Authentication" where first located. When you double click on the "Authentication", it is navigated to other options where all other authentications are available.

By default "Anonymous Authentication" is enabled.


You need to disable the "Anonymous Authentication" and Enable the "Windows Authentication". and right click your application -> Manage Application -> Browse.


Now browser will open with the pop up windows as below:


Here you need to give your windows user name and password. (the credentials you're given when you log in to your machine).


It's all about windows authentication. Please work it out as per the steps in the above. I wish you all the best to do this successfully on your computer.
Read more articles on ASP.NET:


Similar Articles