IIS 7.0: windowsAuthentication Element (IIS Settings Schema)
IIS 7.0: windowsAuthentication Element (IIS Settings Schema)

Specifies Windows authentication configuration.

configuration Element [IIS 7 Settings Schema]
  system.webServer Section Group [IIS 7 Settings Schema]
    IIS 7.0: security Element (IIS Settings Schema)
      IIS 7.0: authentication Element (IIS Settings Schema)
        IIS 7.0: windowsAuthentication Element (IIS Settings Schema)
<windowsAuthentication
   enabled="True|False"
   authPersistSingleRequest="True|False"
   AuthPersistNonNTLM="True | False"
   UseKernelMode
>
   <providers>...</providers>
</windowsAuthentication>
Attributes and Elements

The following sections describe attributes, child elements, and parent elements for this section.

Attributes

Attribute

Description

AuthPersistNonNTLM

Optional boolean attribute.

Specifies whether IIS automatically re-authenticates every non-NTLM (for example, Kerberos) request, even those on the same connection. True enables multiple authentications for the same connections.

The default is False.

NoteNote:
A setting of False means that the client will be authenticated only once on the same connection. IIS will cache a token or ticket on the server for a TCP session that stays established.

authPersistSingleRequest

Optional Boolean attribute.

Setting this flag to True specifies that authentication persists only for a single request on a connection. IIS resets the authentication at the end of each request, and forces re-authentication on the next request of the session.

The default value is False.

enabled

Required Boolean attribute.

Specifies whether Windows authentication is enabled.

The default value is False.

useKernelMode

Optional Boolean attribute.

Specifies whether Windows authentication is done in kernel mode. True specifies that Windows authentication uses kernel mode.

Kernel-mode authentication may improve authentication performance and prevent authentication problems with application pools configured to use a custom identity.

As a best practice, do not disable this setting if you use Kerberos authentication and have a custom identity on the application pool.

The default is True.

Child Elements

Element

Description

providers

Optional element.

Specifies security support providers used for Windows authentication.

Parent Elements

Element

Description

configuration

Specifies the root element in every configuration file that is used by IIS 7.

system.webServer

Specifies the top-level section group (in ApplicationHost.config) in which this element is defined.

security

Specifies the section group that contains security-related sections.

authentication

Specifies the section group that contains authentication sections.
Remarks

Default Configuration

The following default <windowsAuthentication> element is configured in the root ApplicationHost.config file in IIS 7.

<windowsAuthentication enabled="false">
   <providers>
      <add value="Negotiate" />
      <add value="NTLM" />
   </providers>
</windowsAuthentication>
Element Information

Configuration locations

Machine.config

ApplicationHost.config

Root application Web.config

Application Web.config

Directory Web.config

Requirements

Microsoft Internet Information Services (IIS) version 7.0
See Also

Reference

IIS 7.0: providers Element for windowsAuthentication (IIS Settings Schema)
© 2009 Microsoft Corporation. All rights reserved.   Terms of Use | Trademarks | Privacy Statement
Page view tracker
Rate the Lightweight library
x
Lightweight builds on ScriptFree (loband) by adding features you've requested: a SearchBox and default code language selection.
Do you like the SearchBox?
Do you like the tabbed code blocks?
How useful is this topic?
Tell us more.
Thanks
x
You're helping to improve MSDN Online.
Feedback
Switch View
x
Classic
Lightweight Beta
ScriptFree
Switch View