Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

IIS Express is automatically disabling anonymous authentication for my project, why?

When I switch my ASP.NET MVC project from Cassini web server to IIS Express, this is added to my applicationhost.config file:

<location path="MyProject">     <system.webServer>         <security>             <authentication>                 <anonymousAuthentication enabled="false" />                 <windowsAuthentication enabled="false" />             </authentication>         </security>     </system.webServer> </location> 

It's causing the site not to load with 401.2 - Unauthorized and I can't fix it on the Web.config level - it will then complain that the section is locked at parent level (HTTP 500.19).

I can fix it by amending the applicationhost.config file but I don't understand why I should need to when no such section is added for a vanilla ASP.NET MVC project. What can be wrong?

I'm using VS 11 beta but also confirmed this weird behavior in 2010 SP1. IIS Express says it's version 7.5.

like image 882
Borek Bernard Avatar asked Mar 16 '12 19:03

Borek Bernard


People also ask

How do I enable anonymous authentication in IIS?

Go to Administrative Tools and open Internet Information Services (IIS). In the Internet Information Services dialog box, expand local computer ► Sites, and click Default Website. Double-click Authentication. Click Anonymous Authentication and make sure it is enabled.

How does anonymous authentication work in IIS?

Anonymous authentication gives users access to the public areas of your Web or FTP site without prompting them for a user name or password. By default, the IUSR account, which was introduced in IIS 7.0 and replaces the IIS 6.0 IUSR_computername account, is used to allow anonymous access.

Does IIS Express support Windows authentication?

Unlike IIS Server, IIS Express doesn't support Windows Authentication by default. You can enable the Windows Authentication in IIS Express by modifying the applicationhost. config under the “C:\Users[username]\Documents\IISExpress\config” directory.


1 Answers

It was because for some reason, this was in my csproj file:

<IISExpressAnonymousAuthentication>disabled</IISExpressAnonymousAuthentication> 

Setting it to enabled fixes the issue (it can also be done from Visual Studio, select project, F4, set Anonymous Authentication in the properties grid to Enabled).

like image 148
Borek Bernard Avatar answered Sep 21 '22 16:09

Borek Bernard