I'm having a weird problem with my ASP.NET site. My site uses Windows Authentication, and I have set the authentication option on IIS server to deny Anonymous Authentication. However, whenever I upload my project to IIS server, Anonymous Authentication for my site turns on by itself. This is my applicationHost.config. Notice Anonymous Authentication is set to false here, but every time I publish my site, it is automatically changed to true, and I have to login to the web server and manually change it back. <pre class="prettyprint"><code><location path="[my root folder]"> <system.webServer> <security> <authentication> <windowsAuthentication enabled="true" /> <anonymousAuthentication enabled="false" /> <basicAuthentication enabled="false" realm="" defaultLogonDomain="[my domain]" /> </authentication> </security> </system.webServer> </location> </code></pre> And this is my web.config <pre class="prettyprint"><code><system.web> <compilation debug="true" targetFramework="4.5" /> <httpRuntime targetFramework="4.5" maxRequestLength="102400" executionTimeout="3600" requestLengthDiskThreshold="102400"/> <authentication mode="Windows" /> <authorization> <deny users="?" /> </authorization> <customErrors mode="On" defaultRedirect="[my error page]"/> </system.web> </code></pre> In the past I used to allow anonymous authentication to 1 particular sub folder, using the following setting <pre class="prettyprint"><code><location path="[my sub folder]"> <system.webServer> <security> <authentication> <windowsAuthentication enabled="false" /> <anonymousAuthentication enabled="true" /> </authentication> </security> </system.webServer> </location> </code></pre> And <pre class="prettyprint"><code><location path="[my sub folder]"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </code></pre> However I no longer use that setting.

After a few days of poking around, I finally found the reason. Turned out that while I did disable anonymous authentication for my individual site, I forgot to turn off anonymous authentication on the server wide level. In case someone got the same error, this is the steps I used to solve it: <ul> <li>Open IIS control panel.</li> <li>In the tree view on the left, select your server's name instead of your individual site.</li> <li>In the newly opened panel on the right, double click authentication under IIS</li> <li>Right click on anonymous authentication and select disable.</li> </ul>

IIS Anonymous authentication turn on by itself after I publish my project to server

I'm having a weird problem with my ASP.NET site. My site uses Windows Authentication, and I have set the authentication option on IIS server to deny Anonymous Authentication. However, whenever I upload my project to IIS server, Anonymous Authentication for my site turns on by itself.

This is my applicationHost.config. Notice Anonymous Authentication is set to false here, but every time I publish my site, it is automatically changed to true, and I have to login to the web server and manually change it back.

<location path="[my root folder]">
    <system.webServer>
        <security>
            <authentication>
                <windowsAuthentication enabled="true" />
                <anonymousAuthentication enabled="false" />
                <basicAuthentication enabled="false" realm="" defaultLogonDomain="[my domain]" />
            </authentication>
        </security>
    </system.webServer>
</location>

And this is my web.config

<system.web>
   <compilation debug="true" targetFramework="4.5" />
   <httpRuntime targetFramework="4.5" maxRequestLength="102400" executionTimeout="3600" requestLengthDiskThreshold="102400"/>
   <authentication mode="Windows" />
   <authorization>
      <deny users="?" />
   </authorization>
   <customErrors mode="On" defaultRedirect="[my error page]"/>
</system.web>

In the past I used to allow anonymous authentication to 1 particular sub folder, using the following setting

<location path="[my sub folder]">
    <system.webServer>
        <security>
            <authentication>
                <windowsAuthentication enabled="false" />
                <anonymousAuthentication enabled="true" />
            </authentication>
        </security>
    </system.webServer>
</location>

And

<location path="[my sub folder]">
<system.web>
  <authorization>
    <allow users="*" />
  </authorization>
</system.web>

However I no longer use that setting.

How do I turn off Anonymous authentication in Web config?

Scroll to the Security section in the Home pane, and then double-click Authentication. In the Authentication pane, select Anonymous Authentication, and then click Disable in the Actions pane.

Where does IIS store authentication settings?

IIS Manager stores Authentication settings in "C:\Windows\System32\inetsrv\config\applicationHost. config" for any website or subfolder.

After a few days of poking around, I finally found the reason. Turned out that while I did disable anonymous authentication for my individual site, I forgot to turn off anonymous authentication on the server wide level. In case someone got the same error, this is the steps I used to solve it:

Open IIS control panel.
In the tree view on the left, select your server's name instead of your individual site.
In the newly opened panel on the right, double click authentication under IIS
Right click on anonymous authentication and select disable.

IIS Anonymous authentication turn on by itself after I publish my project to server

Tags:

c#

authentication

asp.net

iis

gzup

People also ask

1 Answers

gzup

Recent Activity

Donate For Us

IIS Anonymous authentication turn on by itself after I publish my project to server

Tags:

c#

authentication

asp.net

iis

gzup

People also ask

1 Answers

gzup

Related questions

Recent Activity

Donate For Us