Getting started

First you need to install AlexZh.WindowsAuthentication module (Installing Modules and Themes). After installing the module it is necessary to enable Windows Authentication Feature on the Modules\Features menu, under the Authentication category. This will register feature in Orchard and create new options on the Settings\Users menu.

Configure Windows Authentication feature

After installing the module you can see the next options on the Settings\Users dashboard menu:

Windows Authentication Configuration Options

  • You can enable or disable windows authentication.
  • You can choose email domain for every windows user in Orchard (like then user email calculates as <user_name> If the domain is empty new user will register without email address.
  • You can select default roles for new windows user (no roles by default).

After configure rules for windows authenticated users you can create new user with name the same as windows account name and add this user to Administrator role it will be admin user for Orchard with windows authentication.

Now you can enable windows authentication in Web.config file of Orchard.Web folder (just replace Forms on Windows):


    The <authentication> section enables configuration 
    of the security authentication mode used by 
    ASP.NET to identify an incoming user. 
<authentication mode="Windows">
    <forms loginUrl="~/Users/Account/AccessDenied" timeout="2880" />


 Please avoid routes referenced to Users/Account space. It may cause exceptions in Orchard.Users module, because Orchard.Users does not support windows authentication! You can avoid this routes by making changes in your current theme (just remove links on LogOn, LogOff, ChangePassword etc).

Last edited Jun 15, 2011 at 1:26 PM by AlexZh, version 4


hvaughan3 Dec 29, 2014 at 8:33 PM 
For anyone else that is having issues with the instructions above, I found that just changing the word 'Forms' to 'Windows' caused more issues. I found that I had to completely replace the following (within my web.config file in the Orchard.Web project):

<authentication mode="Forms">
<forms loginUrl="~/Users/Account/AccessDenied" timeout="2880" />

With the lines below:

<authentication mode="Windows"/>
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>
<allow roles="XXXX\Domain Users"/>
<deny users="?"/>

Where 'XXXX' is your domain name of choice. I found the lines above from the following site (although the link below is referring to a different Active Directory module):

Finally, you also need to enable Windows Authentication within Visual Studio (or IIS / IISExpress). To do that, make sure the site is not running, open the Solution Explorer, click and highlight the Orchard.Web project and hit F4 on your keyboard. You should see the option to change 'Windows Authentication' Enabled. Also, if you do not have any web pages that should be publicly available (example: an intranet site), you can switch 'Anonymous Authentication' to Disabled.