How to enable “Windows Authentication” for your websites?

There are a few things we need to do before we can access the website using Windows authentication.


Add or replace existing Authentication Tag

IIS Express with Visual Studio:

  • Click on your project in the Solution Explorer to select the project.
  • Open the Properties pane using F4.
  • In the Properties pane for your project:
    a) Set “Anonymous Authentication” to “Disabled”.
    b) Set “Windows Authentication” to “Enabled”.

IIS 7 or later:

  • Open IIS Manager and navigate to your website.
  • In Features View, double-click Authentication.
  • On the Authentication page, select Windows authentication. If Windows authentication is not an option, you’ll need to make sure Windows authentication is installed on the server.

To enable Windows authentication on Windows Desktop:

  • In Control Panel open “Programs and Features”.
  • Select “Turn Windows features on or off”.
  • Navigate to Internet Information Services > World Wide Web Services > Security and make sure the Windows authentication node is checked.

To enable Windows authentication on Windows Server:

  • In Server Manager, select Web Server (IIS) and click Add Role Services.
  • Navigate to Web Server > Security and make sure the Windows authentication node is checked.

To turn on BitLocker Encryption in Windows 10/11.

  • You must be logged in with an Administrator account.
  • Click the Start button, and then under Windows System, select Control Panel. In Control Panel, select System and Security, and then under BitLocker Drive Encryption, select Manage BitLocker.
  • Select Turn on BitLocker and then follow the instructions.
  • Make sure you save the key.

Cannot load Counter Name data because an invalid index ” was read from the registry


When reading system performance counters, we sometimes get this error on a machine:

“Cannot load Counter Name data because an invalid index ” was read from the registry”

To fix the issue:

Click the START button
Type CMD
Right click CMD PROMPT and select “Run As Administrator”
Type LODCTR /r
Wait a few seconds, you will get “Error: Unable to rebuild performance counter setting from system backup store, error code is 2”

Now type LODCTR /r again

This time it will run successfully with the message “Info: Successfully rebuilt performance counter setting from system backup store”

Close the CMD window.

ORA-28001: The password has expired

Passwords for applications and operating systems have a limited lifetime. For better security, we are regularly reminded to change our passwords at a fixed interval.

If we don’t change the password before the application’s limit, it expires.

The other day when I was opening SQL Developer, I got a popup message: “ORA-28001: The password has expired”.

To fix this issue, we need to connect to Oracle as a SYSDBA or SYSTEM user and do the following.

STEP 1: Check the users status.



STEP 2: Set the password of locked user.


STEP 3: Unlock the user account.


STEP 4: Check the user status again to confirm the account is no longer locked.


USERNAME                         ACCOUNT_STATUS
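STEP 1 to STEP 4 above written out as SQL, in an added example that is not from the original post. APP_USER and the password value are placeholders, and the final query goes beyond the four steps to show the password limits of the user's profile.

```sql
-- Run as SYSDBA or SYSTEM. APP_USER is a placeholder for the affected account.

-- STEP 1: check the account status, when the password expires(d), and
-- which profile applies its password policy.
SELECT username, account_status, expiry_date, profile
FROM   dba_users
WHERE  username = 'APP_USER';

-- STEP 2: set a new password. Replace the placeholder with a real value;
-- this clears the EXPIRED part of the status.
ALTER USER app_user IDENTIFIED BY "<new-password>";

-- STEP 3: unlock the account. Needed when the status was LOCKED or
-- EXPIRED & LOCKED; harmless if the account was only EXPIRED.
ALTER USER app_user ACCOUNT UNLOCK;

-- STEP 4: confirm the account is usable again (ACCOUNT_STATUS = OPEN).
SELECT username, account_status
FROM   dba_users
WHERE  username = 'APP_USER';

-- Beyond the four steps: see the password limits (PASSWORD_LIFE_TIME,
-- PASSWORD_GRACE_TIME, ...) of the profile assigned to the user, which
-- determine when the password will expire next.
SELECT profile, resource_name, limit
FROM   dba_profiles
WHERE  resource_type = 'PASSWORD'
AND    profile = (SELECT profile FROM dba_users WHERE username = 'APP_USER');
```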

How to get list of all always encrypted columns in SQL Server

SQL Server 2016 and later versions include the “Always Encrypted” feature, which lets us encrypt individual columns that hold sensitive data, such as credit card numbers or SSNs, instead of encrypting the whole database.
We need to keep a list of the encrypted columns somewhere for future reference.
Rather than tracking them in a document, we can run a simple SQL query that returns every encrypted column, its table, and its encryption type.

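-- One row per Always Encrypted column, with its column encryption key.
SELECT t.name AS TableName, c.name AS ColumnName, k.name AS KeyName,
       c.encryption_type_desc AS EncryptionType
FROM sys.columns c
INNER JOIN sys.column_encryption_keys k ON c.column_encryption_key_id = k.column_encryption_key_id
INNER JOIN sys.tables t ON c.object_id = t.object_id
WHERE c.encryption_type IS NOT NULL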



SQL Server – List all the Constraints by Table or by Column Name

List all Constraints of the Database:

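-- sys.objects holds every object; keep only the constraint types
-- (CHECK_CONSTRAINT, DEFAULT_CONSTRAINT, FOREIGN_KEY_CONSTRAINT, ...).
SELECT OBJECT_NAME(object_id) AS ConstraintName,
SCHEMA_NAME(schema_id) AS SchemaName,
type_desc AS ConstraintType
FROM sys.objects
WHERE type_desc LIKE '%CONSTRAINT'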

List Constraints on a table column:

SELECT SysObjects.[Name] AS [Constraint Name], Tab.[Name] AS [Table Name], Col.[Name] AS [Column Name]
FROM SysObjects
INNER JOIN (SELECT [Name], [ID] FROM SysObjects WHERE XType = 'U') AS Tab
    ON Tab.[ID] = SysObjects.[Parent_Obj]
INNER JOIN sysconstraints ON sysconstraints.Constid = SysObjects.[ID]
INNER JOIN SysColumns Col ON Col.[ColID] = sysconstraints.[ColID] AND Col.[ID] = Tab.[ID]
WHERE Tab.[Name] = 'Employee' AND Col.[Name] = 'DOB'
ORDER BY Col.[Name]

SQL Server 2016 Always Encrypted Timeout at IIS

Always Encrypted is a feature designed by Microsoft in SQL Server 2016 to protect sensitive data, such as credit card numbers or national identification numbers (SSN). It allows clients to encrypt sensitive data inside client applications.

When you work with Always Encrypted in a development environment, it works fine because the certificate keys it requires are already installed on the dev machine. When you move to a production environment, it will not work until the certificate is installed on that server. Without it, encryption does not work, and you will get a database timeout error or an encryption error when running the web application.

For example:
Execution Timeout Expired.  The timeout period elapsed prior to completion of the operation or the server is not responding.

To resolve this error, install the certificate on the server for a specific user. Then set that user as the identity in the application pool’s advanced properties, and enable the “Load user profile” property under “Process Model” for that user as well.
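To see which certificate the production server has to hold, the key metadata in the database can be queried. This is an added example, not from the original post; it assumes the column master keys live in the Windows certificate store.

```sql
-- Map every Always Encrypted column to its column encryption key (CEK)
-- and column master key (CMK), so you know which certificate the web
-- server's application pool identity must be able to read.
SELECT
    s.name                      AS SchemaName,
    t.name                      AS TableName,
    c.name                      AS ColumnName,
    c.encryption_type_desc      AS EncryptionType,
    cek.name                    AS ColumnEncryptionKey,
    cmk.name                    AS ColumnMasterKey,
    cmk.key_store_provider_name AS KeyStoreProvider,
    cmk.key_path                AS KeyPath
FROM sys.columns AS c
INNER JOIN sys.tables  AS t ON t.object_id = c.object_id
INNER JOIN sys.schemas AS s ON s.schema_id = t.schema_id
INNER JOIN sys.column_encryption_keys AS cek
        ON cek.column_encryption_key_id = c.column_encryption_key_id
-- A CEK has one value per CMK that protects it (two while a CMK is being
-- rotated), so a column can appear on more than one row.
INNER JOIN sys.column_encryption_key_values AS cekv
        ON cekv.column_encryption_key_id = cek.column_encryption_key_id
INNER JOIN sys.column_master_keys AS cmk
        ON cmk.column_master_key_id = cekv.column_master_key_id
WHERE c.encryption_type IS NOT NULL
ORDER BY s.name, t.name, c.name;

-- For KeyStoreProvider = MSSQL_CERTIFICATE_STORE, KeyPath has the form
--   <store location>/<store name>/<certificate thumbprint>
-- A path starting with CurrentUser/ is resolved in the profile of the
-- account running the application, which is why the application pool
-- identity needs the certificate and "Load user profile" enabled.
-- A path starting with LocalMachine/ is resolved in the machine store,
-- where that identity needs read access to the certificate's private key.
```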


Basic Authentication in ASP.Net MVC Web API

ASP.NET Web API is a great tool to create lightweight, HTTP services that reach a broad range of clients, including all browsers and mobile platforms.

In most scenarios we need authentication to restrict access to services. There are two ways to restrict it:

– Forms authentication
– Windows authentication

Forms authentication is a mechanism that works well in interactive web applications, but Windows authentication is not widely used. Nowadays services are invoked from the browser using jQuery or JavaScript, or from mobile platforms, because applications are widely used on mobile devices.

HTTP authentication is part of the standard protocol and can be easily handled by client and mobile platforms. Basic authentication can be implemented in ASP.NET Web API by extending AuthorizeAttribute, but that sometimes does not work well. Another way is a custom message handler derived from the DelegatingHandler class. Because Basic credentials are only Base64-encoded, not encrypted, the API must be served over HTTPS.

Below is a code sample that derives from the DelegatingHandler class and works well.

Code Block:

using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
using System.Web.Http;
using System.Web.Http.Dispatcher;
using System.Web.Security;   // Roles
using WebMatrix.WebData;     // WebSecurity

public class BasicAuthMessageHandler : DelegatingHandler
{
    private const string BasicAuthResponseHeader = "WWW-Authenticate";
    private const string BasicAuthResponseHeaderValue = "Basic";

    public IProvidePrincipal PrincipalProvider = new DummyPrincipalProvider();

    public BasicAuthMessageHandler(HttpConfiguration httpConfiguration)
    {
        // A per-route handler has to hand the request on to the controller dispatcher.
        InnerHandler = new HttpControllerDispatcher(httpConfiguration);
    }

    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        AuthenticationHeaderValue authValue = request.Headers.Authorization;
        // Only parse headers that actually use the Basic scheme.
        if (authValue != null && String.Equals(authValue.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
            && !String.IsNullOrWhiteSpace(authValue.Parameter))
        {
            Credentials parsedCredentials = ParseAuthorizationHeader(authValue.Parameter);
            if (parsedCredentials != null)
            {
                IPrincipal myPrincipal = PrincipalProvider.CreatePrincipal(parsedCredentials.Username, parsedCredentials.Password);
                // Replace the current principal only after a successful login.
                if (myPrincipal != null)
                {
                    Thread.CurrentPrincipal = myPrincipal;
                    if (HttpContext.Current != null) HttpContext.Current.User = myPrincipal;
                }
            }
        }
        return base.SendAsync(request, cancellationToken)
            .ContinueWith(task =>
            {
                var response = task.Result;
                if (response.StatusCode == HttpStatusCode.Unauthorized
                    && !response.Headers.Contains(BasicAuthResponseHeader))
                {
                    // Tell the client which scheme to retry with.
                    response.Headers.Add(BasicAuthResponseHeader, BasicAuthResponseHeaderValue);
                }

                if (response.StatusCode == HttpStatusCode.Unauthorized)
                {
                    var content = new StringContent("Invalid Credentials");
                    response.Content = content;
                    response.StatusCode = System.Net.HttpStatusCode.Unauthorized;
                }
                return response;
            });
    }

    private Credentials ParseAuthorizationHeader(string authHeader)
    {
        byte[] raw;
        try { raw = Convert.FromBase64String(authHeader); }
        catch (FormatException) { return null; } // malformed Base64 is treated as no credentials
        // Split on the first ':' only, because the password itself may contain colons.
        string[] credentials = Encoding.ASCII.GetString(raw).Split(new[] { ':' }, 2);
        if (credentials.Length != 2 || string.IsNullOrEmpty(credentials[0])
            || string.IsNullOrEmpty(credentials[1])) return null;
        return new Credentials()
        {
            Username = credentials[0],
            Password = credentials[1],
        };
    }
}

public interface IProvidePrincipal
{
    IPrincipal CreatePrincipal(string username, string password);
}

public class Credentials
{
    public string Username { get; set; }
    public string Password { get; set; }
}

public class DummyPrincipalProvider : IProvidePrincipal
{
    public IPrincipal CreatePrincipal(string username, string password)
    {
        // Check the user with any membership provider (WebSecurity/Membership).
        if (!WebSecurity.Login(username, password, persistCookie: false))
            return null;
        var identity = new GenericIdentity(username);
        IPrincipal principal = new GenericPrincipal(identity, Roles.GetRolesForUser(username));
        return principal;
    }
}

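// In WebApiConfig.Register(HttpConfiguration config): attach the handler to the route.
config.Routes.MapHttpRoute(
    name: "DefaultApi",
    routeTemplate: "api/{controller}/{action}/{id}",
    defaults: new { id = RouteParameter.Optional },
    constraints: null,
    handler: new BasicAuthMessageHandler(GlobalConfiguration.Configuration)
);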


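[Authorize] // without this attribute, requests with no valid credentials still reach the action
public class ValuesController : ApiController
{
    // GET api/values
    public IEnumerable<string> Get() { return new string[] { "first", "second" }; }
}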


using (HttpClient client = new HttpClient())
{
    client.BaseAddress = new Uri(""); // set to the base URL of the API
    // The scheme is "Basic"; the parameter is Base64("userName:password").
    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(Encoding.ASCII.GetBytes(String.Format("{0}:{1}", userName, password))));
    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
    var Response = await client.GetAsync("api/accounts/validateuser");
}