I have PHP application that I develop on my local Server 2008 dev server, I then push this to my live site on Azure Cloud Services. This all works fine. In one of my sub folders I have a web.config file with the following in it:
<configuration>
<system.webServer>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
</authorization>
</security>
</system.webServer>
If I attempt to go in to that folder, or view any file in a browser on my dev server I receive the message:
401 - Unauthorized: Access is denied due to invalid credentials.
Which is great!.. If I attempt to go to a file in that folder on my live site, it displays the file just fine. It is completely ignoring the web.config file. I have connected to the running cloud instance of my live site, and can see the web.config file in there.
Why is it being ignored on Azure, but working fine on my dev site?
In case anyone else has the same issue, you need to add a location element to your root web.config/web.cloud.config. It needs to be directly within the configuration element like so:
<configuration>
.....
.....
<location path="--folder or file--">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>