Search code examples
authenticationiiswindows-authenticationiis-8.5

IIS 8.5: Change authentification mode for url sub path

We have a client intranet web application running as a remote proxy on IIS 8.5 with Windows Authentication enabled. Now, we need to disable Windows Authentication and enable Anonymous Authentication on the URL sub path /api/ to make all data from this path publicly availailbe within the client intranet domain.

Actually, the solution from chensformers (Add authentication to subfolders without creating a web application) sounds quite promising. However didn't get it to run yet as I am missing a section declaration.

How to configure IIS 8.5 to achieve this?

Solution

  • After long trying, I found the answer myself. The answer is two-parted:

    1. The answer of @Tim Lewis (Allow anonymous authentication for a single folder in web.config?) led me to the right configuration. In the file applicationHost.config in C:\Windows\System32\inetsrv\config, I changed the following lines from Deny to Allow: 

      <section name="access" overrideModeDefault="Allow" />
<section name="anonymousAuthentication" overrideModeDefault="Allow" />
<section name="windowsAuthentication" overrideModeDefault="Allow" />

      Then inside the web.config from C:\inetpub\wwwroot, I inserted the following lines before the last </configuration> tag: 

      <location path="api">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
  <system.webServer>
    <security>
      <authentication>
        <anonymousAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</location>

      After restarting IIS Manager and the server, the windows authentication from the main domain should be overwritten for the sub path (/api in my case) and every URL inside the sub path should be publicly available.

    2. However, if this configuration doesn't work at first, it could be that your editor of choice (in my case Notepad++) does not open the correct content of appplictionHost.config (for whatever reason) and all changes in it don't take effect at all (also see @MeanGreen Applicationhost.config not showing changes).

      I solved it by installing and using Notepad2 x64 (http://www.flos-freeware.ch/notepad2.html). After this, the above changes took effect and worked immediately.

    PS: see also http://forums.iis.net/t/1233382.aspx?IIS+8+5+Change+authentification+mode+for+url+sub+path for a longer discussion of this topic.