Specifies Windows authentication configuration.
<windowsAuthentication
  enabled="True|False"
  authPersistSingleRequest="True|False"
  authPersistNonNTLM="True|False"
  useKernelMode="True|False"
>
  <providers>...</providers>
</windowsAuthentication>
The following sections describe attributes, child elements, and parent elements for this section.
Attributes
| Attribute | Description |
|---|---|
| authPersistNonNTLM | Optional Boolean attribute. Specifies whether IIS automatically re-authenticates every non-NTLM (for example, Kerberos) request, even those on the same connection. True enables multiple authentications for the same connections. The default is False. Note: A setting of False means that the client will be authenticated only once on the same connection. IIS will cache a token or ticket on the server for a TCP session that stays established. |
| authPersistSingleRequest | Optional Boolean attribute. Setting this flag to True specifies that authentication persists only for a single request on a connection. IIS resets the authentication at the end of each request, and forces re-authentication on the next request of the session. The default value is False. |
| enabled | Required Boolean attribute. Specifies whether Windows authentication is enabled. The default value is False. |
| useKernelMode | Optional Boolean attribute. Specifies whether Windows authentication is done in kernel mode. True specifies that Windows authentication uses kernel mode. Kernel-mode authentication may improve authentication performance and prevent authentication problems with application pools configured to use a custom identity. As a best practice, do not disable this setting if you use Kerberos authentication and have a custom identity on the application pool. The default is True. |
Child Elements
| Element | Description |
|---|---|
| providers | Optional element. Specifies security support providers used for Windows authentication. |
Parent Elements
| Element | Description |
|---|---|
| configuration | Specifies the root element in every configuration file that is used by IIS 7. |
| system.webServer | Specifies the top-level section group (in ApplicationHost.config) in which this element is defined. |
| security | Specifies the section group that contains security-related sections. |
| authentication | Specifies the section group that contains authentication sections. |
Default Configuration
The following default <windowsAuthentication> element is configured in the root ApplicationHost.config file in IIS 7.
<windowsAuthentication enabled="false">
  <providers>
    <add value="Negotiate" />
    <add value="NTLM" />
  </providers>
</windowsAuthentication>
Configuration locations | Machine.config, ApplicationHost.config, Root application Web.config, Application Web.config, Directory Web.config |
Requirements | Microsoft Internet Information Services (IIS) version 7.0 |
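The following audit script is an added example, not part of the original reference or of IIS. It reads an ApplicationHost.config-style document, applies the attribute defaults listed above, and reports settings a reviewer would want to look at. The function name, the finding texts, the sample configuration and the choice of checks are assumptions, and the script does not model inheritance between the root section and `<location>` blocks.

```python
import xml.etree.ElementTree as ET
# Defaults as given in the attribute table on this page.
DEFAULTS = {"enabled": False, "authPersistSingleRequest": False,
            "authPersistNonNTLM": False, "useKernelMode": True}
SECTION = "system.webServer/security/authentication/windowsAuthentication"

def audit_windows_auth(config_xml):
    """Return one report per <windowsAuthentication> element found."""
    root = ET.fromstring(config_xml)
    reports = []
    # The section can sit at the root or inside <location path="..."> blocks.
    for scope in [root] + root.findall("location"):
        node = scope.find(SECTION)
        if node is None:
            continue
        effective, findings = dict(DEFAULTS), []
        for name, raw in node.attrib.items():
            if name in DEFAULTS:
                effective[name] = raw.strip().lower() == "true"
            else:  # attribute names are matched case-sensitively here
                findings.append(f"unknown attribute '{name}' (check casing)")
        providers = [p.get("value") for p in node.findall("providers/add")]
        if effective["enabled"]:
            if not effective["useKernelMode"] and "Negotiate" in providers:
                findings.append("useKernelMode disabled with Negotiate listed")
            if providers and "Negotiate" not in providers:
                findings.append("Negotiate not listed: " + ", ".join(providers))
            if effective["authPersistSingleRequest"]:
                findings.append("re-authentication forced on every request")
        reports.append({"path": scope.get("path", "(root)"), "providers": providers,
                        "effective": effective, "findings": findings})
    return reports

# Constructed sample, not taken from a real server.
SAMPLE = """<configuration>
  <system.webServer><security><authentication>
    <windowsAuthentication enabled="false" />
  </authentication></security></system.webServer>
  <location path="Default Web Site/intranet">
    <system.webServer><security><authentication>
      <windowsAuthentication enabled="true" UseKernelMode="false" authPersistSingleRequest="true">
        <providers><add value="NTLM" /></providers>
      </windowsAuthentication>
    </authentication></security></system.webServer>
  </location>
</configuration>"""

if __name__ == "__main__":
    print([(r["path"], r["findings"]) for r in audit_windows_auth(SAMPLE)])
```

In the sample, the mis-cased `UseKernelMode` is reported as unknown and the effective `useKernelMode` value stays at its default of True, so the script does not report kernel mode as disabled.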