Process for Mixed Authentication
Configuration in IIS7 Integration Mode
There're some breaking changes in IIS 7, so the configuration is different from that we done on IIS6.
1. Unlock Authentication Section.
Run below in command line to unlock the section. By default it's locked in IIS7.
%windir%system32inetsrvappcmd unlock config /section:anonymousAuthentication %windir%system32inetsrvappcmd unlock config /section:windowsAuthentication
2. Add below in Web.Config
Pay attention to the responseMode attribute of error redirect section. It must be "File" instead of "ExecuteURL" or "Redirect"
<location path="WinLogin.aspx"> <system.webServer> <security> <authentication> <windowsAuthentication enabled="true" /> <anonymousAuthentication enabled="false" /> </authentication> </security> <httpErrors> <remove statusCode="403" subStatusCode="-1" /> <remove statusCode="401" subStatusCode="-1" /> <error statusCode="401" prefixLanguageFilePath="" path="redirect401.htm" responseMode="File" /> <error statusCode="403" prefixLanguageFilePath="" path="redirect401.htm" responseMode="File" /> </httpErrors> </system.webServer> </location> <location path="WebLogin.aspx"> <system.web> <authorization> <allow users="?,*" /> </authorization> </system.web> <system.webServer> <security> <authentication> <windowsAuthentication enabled="false" /> <anonymousAuthentication enabled="true" /> </authentication> </security> </system.webServer> </location> <location path="Redirect401.htm"> <system.web> <authorization> <allow users="?,*" /> </authorization> </system.web> <system.webServer> <security> <authentication> <windowsAuthentication enabled="false" /> <anonymousAuthentication enabled="true" /> </authentication> </security> </system.webServer> </location> <location path="Images"> <system.web> <authorization> <allow users="?,*" /> </authorization> </system.web> <system.webServer> <security> <authentication> <windowsAuthentication enabled="false" /> <anonymousAuthentication enabled="true" /> </authentication> </security> </system.webServer> </location>
3. Make sure the Anonymous user identity can access web site directory
By default the identify is "IUSR", need to grant read access to the web site directory.