path with a dot in web.config <location>

Question

I need to add a location element in my web.config file, but the path starts with a dot (and I don't think I can change that path, it's for letsencrypt automation).

If I let the dot, like in <location path=".well-known/acme-challenge"></location>, the site doesn't start at all (I think the web.config file is not parsed at all because I get the page asking me to configure customErrors, but it is already configured and usually works fine)

If I remove the dot, like in <location path="well-known/acme-challenge"></location> the web.config file is correctly loaded, but of course that doesn't help me to configure anything at the location I wish.

The final goal is to disable basic authentication (which I need for the rest of the site) on this path only ; I don't even know if I'll be able to set this up in a <location> element.

Answer 1

I had a similar problem where I had a ASP.NET Forms site that was forcing authentication on all pages.

To expand on the accepted answer, here is the exact web.config I put in the /.well-known folder (NOT the /.well-known/acme-challenge folder):

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <!-- This will stop any redirects you have at the higher level -->
    <httpRedirect enabled="false" />

    <!-- This will stop any integrated mode settings you have at the higher level -->
    <validation validateIntegratedModeConfiguration="false"/>
  </system.webServer>

  <!-- This will allow unauthenticated users to acme-challenge subfolder -->
  <location path="acme-challenge">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>

After adding this file, I was able to use EcdsaAcmeNet to use Lets Encrypt with the site in IIS.

Answer 2

As suggested by Ondrej Svedjdar in comments, the solution is so simple I didn't think about it.

Just add another web.config file in the folder where you need it.