After some searching myself I couldn’t find anything really straight forward for how to tie IIS 7.0 into AD for user authentication. Luckily from the guides I found it was possible to figure out what was needed in order to set things up properly.
- Windows Authentication enabled under IIS service
- Ability to add / change website level web.config file
1. Open IIS Manager and select site profile
2. Double click on Authentication in middle pane (Figure 1)
3. Disable “Anonymous Authentication”
4. Enable “Windows Authentication” (Figure 2)
5. Create or edit web.config file
Configuration file (new) should look like the following:
<compilation debug=”true” />
<authentication mode=”Windows” />
<authorization> <allow roles=”DOMAINNAME\DOMAINGROUP” />
<deny users=”*” />
*DOMAINNAME\DOMAINGROUP – needs to be updated to include the AD group used for access.
And that’s it!