Altering a Windows Authenticating MVC Site to be Standard Login non WA to run from Internet

I have an mvc application that has been coded to use Windows authentication and runs on an internal intranet. It validates users by matching user.identity.name to what is in the aspnet_users table, this is all good.

However, i have started creating an internet version to run on the web. All the existing default code for account.mvc/LogOn etc is still in place in the app - with associated controller code etc. So far i have taken the following steps:

1) Firstly I went into IIS and switchen off windows authentication 2) Then I altered t开发者_StackOverflow社区he section on my web.con fig from:

<authentication mode="Windows"></authentication>

to:

<authentication mode="Forms">
  <forms loginUrl="~/Account.mvc/LogOn" timeout="2880"/>
</authentication>

Then I tried running the application and navigated to http://localhost/LMS/account.mvc/logon but i get:

HTTP 401.2 - Unauthorized: Logon failed due to server configuration Internet Information Services

I then went into my event logs for the day but all it gives me is what i already know, i.e. its a 401 error

Does anyone know which other steps i need to take to make this security change so that i can hit these account view pages?

Many thanks in advance

John

Check if Basic authentication is enabled for the webapp in IIS. Also, use Fiddler to check if the 401 response contains WWW-Authenticate header. If there's one, IIS is trying to negotiate a different authentication method.

For more info and things to look at - TechNet's 401.1 and 401.2-Authentication Problems