current community

more stack exchange communities

Stack Exchange
tour help
careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 1 down vote favorite

I have an ASP.NET MVC 3 application with Windows authentication. Now I've added the web api to it (nuget package) and want anonymous access (later on I'll add an api key). But I haven't managed to get it to work.

All my WEB API controllers are under the "/api" path, and none of them have the Authorize attribute.

Here's my current web.config (I removed all the bits and pieces that are irrelevant to this matter):

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <authentication mode="Windows" />
    <httpRuntime maxRequestLength="102400" requestPathInvalidCharacters="&lt;,&gt;,*,:,&amp;,\" />
    <authorization>
      <deny users="?" />
    </authorization>
    <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider">
      <providers>
        <clear />
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="..." applicationName="..." />
      </providers>
    </roleManager>
    <profile enabled="false" defaultProvider="AspNetProfileProvider">
      <providers>
        <clear />
        <add name="AspNetProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="..." applicationName="..." />
      </providers>
      <properties></properties>
    </profile>
    <customErrors mode="RemoteOnly" defaultRedirect="~/Error/Generic">
      <error statusCode="404" redirect="~/Error/NotFound" />
      <error statusCode="403" redirect="~/Error/AccessDenied" />
    </customErrors>
  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <security>
      <requestFiltering allowDoubleEscaping="true"></requestFiltering>
    </security>
  </system.webServer>
  <location path="Error">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="Scripts">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="Content">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="api">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>

All my requests are getting "HTTP Error 401.2 - Unauthorized", but when I enter some valid windows credentials then the request executes successfully.

So, how can I disable the windows authentication for my WEB API? thanks in advance.

share|improve this question
add comment

1 Answer

up vote 0 down vote

I was able to fix this in my MVC project properties and enabling anonymous authentication.

share|improve this answer
2  
For the reference, could you post your solution? –  ghord Jul 4 '13 at 6:30
add comment

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.