windowsAuthentication Element [IIS Settings Schema]
Note
For more information about the windowsAuthentication element, see the following topic on the Microsoft IIS.net Web site: Windows Authentication <windowsAuthentication>.
Specifies Windows authentication configuration.
Syntax
Attributes and Elements
The following sections describe attributes, child elements, and parent elements for this section.
Attributes
Attribute |
Description |
|---|---|
AuthPersistNonNTLM |
Optional boolean attribute. Specifies whether IIS automatically re-authenticates every non-NTLM (for example, Kerberos) request, even those on the same connection. False enables multiple authentications for the same connections. The default is False. Note A setting of True means that the client will be authenticated only once on the same connection. IIS will cache a token or ticket on the server for a TCP session that stays established. |
authPersistSingleRequest |
Optional Boolean attribute. Setting this flag to True specifies that authentication persists only for a single request on a connection. IIS resets the authentication at the end of each request, and forces re-authentication on the next request of the session. The default value is False. |
enabled |
Required Boolean attribute. Specifies whether Windows authentication is enabled. The default value is False. |
useKernelMode |
Optional Boolean attribute. Specifies whether Windows authentication is done in kernel mode. True specifies that Windows authentication uses kernel mode. Kernel-mode authentication may improve authentication performance and prevent authentication problems with application pools configured to use a custom identity. As a best practice, do not disable this setting if you use Kerberos authentication and have a custom identity on the application pool. The default is True. |
Child Elements
Element |
Description |
|---|---|
extendedProtection |
Optional element. Specifies extended protection options for Windows authentication. Note This element was added in IIS 7.5. |
providers |
Optional element. Specifies security support providers used for Windows authentication. |
Parent Elements
Element |
Description |
|---|---|
configuration |
Specifies the root element in every configuration file that is used by IIS 7. |
system.webServer |
Specifies the top-level section group (in ApplicationHost.config) in which this element is defined. |
security |
Specifies the section group that contains security-related sections. |
authentication |
Specifies the section group that contains authentication sections. |
Remarks
For more information about the windowsAuthentication element, see the following topic on the Microsoft IIS.net Web site: Windows Authentication <windowsAuthentication>.
Element Information
Configuration locations |
Machine.config ApplicationHost.config Root application Web.config Application Web.config Directory Web.config |
Requirements |
Microsoft Internet Information Services (IIS) version 7.0 |
See Also
Reference
extendedProtection Element for windowsAuthentication [IIS Settings Schema]
providers Element for windowsAuthentication [IIS Settings Schema]