IIS 7.0 Basic AD Authentication

After some searching myself I couldn’t find anything really straight forward for how to tie IIS 7.0 into AD for user authentication. Luckily from the guides I found it was possible to figure out what was needed in order to set things up properly.


  • Windows Authentication enabled under IIS service
  • Ability to add / change website level web.config file

1. Open IIS Manager and select site profile
2. Double click on Authentication in middle pane (Figure 1)

Figure 1 (IIS Manager)

3. Disable “Anonymous Authentication”
4. Enable “Windows Authentication” (Figure 2)

Figure 2 (IIS Manager – Authentication)

5. Create or edit web.config file

Configuration file (new) should look like the following:
<?xml version=”1.0″?>
<compilation debug=”true” />
<authentication mode=”Windows” />
<authorization> <allow roles=”DOMAINNAME\DOMAINGROUP” />
<deny users=”*” />

*DOMAINNAME\DOMAINGROUP – needs to be updated to include the AD group used for access.

And that’s it!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s