Mixed Authentication in IIS7
Process for Mixed Authentication
Configuration in IIS7 Integration Mode
There're some breaking changes in IIS 7, so the configuration is different from that we done on IIS6.
1. Unlock Authentication Section.
Run below in command line to unlock the section. By default it's locked in IIS7.
%windir%\system32\inetsrv\appcmd unlock config /section:anonymousAuthentication %windir%\system32\inetsrv\appcmd unlock config /section:windowsAuthentication
2. Add below in Web.Config
Pay attention to the responseMode attribute of error redirect section. It must be "File" instead of "ExecuteURL" or "Redirect"
<location path="WinLogin.aspx"> <system.webServer> <security> <authentication> <windowsAuthentication enabled="true" /> <anonymousAuthentication enabled="false" /> </authentication> </security> <httpErrors> <remove statusCode="403" subStatusCode="-1" /> <remove statusCode="401" subStatusCode="-1" /> <error statusCode="401" prefixLanguageFilePath="" path="redirect401.htm" responseMode="File" /> <error statusCode="403" prefixLanguageFilePath="" path="redirect401.htm" responseMode="File" /> </httpErrors> </system.webServer> </location> <location path="WebLogin.aspx"> <system.web> <authorization> <allow users="?,*" /> </authorization> </system.web> <system.webServer> <security> <authentication> <windowsAuthentication enabled="false" /> <anonymousAuthentication enabled="true" /> </authentication> </security> </system.webServer> </location> <location path="Redirect401.htm"> <system.web> <authorization> <allow users="?,*" /> </authorization> </system.web> <system.webServer> <security> <authentication> <windowsAuthentication enabled="false" /> <anonymousAuthentication enabled="true" /> </authentication> </security> </system.webServer> </location> <location path="Images"> <system.web> <authorization> <allow users="?,*" /> </authorization> </system.web> <system.webServer> <security> <authentication> <windowsAuthentication enabled="false" /> <anonymousAuthentication enabled="true" /> </authentication> </security> </system.webServer> </location>
3. Make sure the Anonymous user identity can access web site directory
By default the identify is "IUSR", need to grant read access to the web site directory.