Installing WindowsAuthentication breaks authentication / web.config?

windows-server-2008 iis iis-7 iis-7.5

7,016

Grr... RTFM on my part.

The answer was to edit the

 %windir%\system32\inetsrv\config\applicationHost.config

File and remove the overrideModeDefault="Deny" from the security section.

7,016

Ian Quigley

I wouldn't judge someone by their Stack-overflow account. I've thrown away an account with over 10k rep. Self awarded badges: [ Yawn ] [ Forgettable Post ] [ Top 100% ]

Updated on September 17, 2022

Comments

Ian Quigley over 1 year
I have a clean Windows 2008 R2 box (on a VM) and have installed IIS 7.5 with default options. I then copied a website to it (from Windows 7, IIS 7) and after a little tweaking the website is working fine.

The website is currently using and working with Anonymous Authentication.

I have gone back to the Windows Components/Sever Manager, Roles -> Security and ticked and installed Windows Authentication.

When I check my server in IIS (top level above sites) -> Authentication, I see
Anonymous Authentication (enabled)
ASP.NET Impersonation (disabled)
Forms Authentication (disbaled)
Windows Authentication (enabled)

When I check my default website -> Authentication, I see as above but "Retrieving status" and an error dialog saying
```
There was an error while performing this operation.  
Details:  
Filename c:\inetpub\wwwroot\screwturnwiki\web.config
Line number: 96
Error: This configuration section cannot be used in this path. This happens
when the section is being locked at the parent level. Locking is either by default
(overriderModeDefault="Deny"), or set explicity by a location tag with overrideMode="Deny"
or the legacy allowOverride="False".
```
I have tried hand editing the web.config with no success. (How to use locking in IIS7 Configuration)

UN-installing Windows Authentication happily returns my site to working with Anonymous Authentication, and allows me to enable/disable these three options.

FYI. I am using ScrewTurnWiki with the Active Directory plug in. It all works fine under Windows 7 IIS 7 locally (has been for months)

Web.Config
```
<system.webServer>
   (edit)
<handlers> ( deleted removes/adds )  </handlers>
<security>
    <authentication>
96:     <windowsAuthentication enabled="true" useKernelMode="true">
             <extendedProtection tokenChecking="Allow" />
             <providers>
                  <clear />
                  <add value="NTLM" />
                  <add value="Negotiate" />
             </providers>
        </windowsAuthentication>
    </authentication>
</security>
```
- GregD over 13 years
  
  So if it doesn't give away any confidential info, what does line 96 in your web.config say?
- Ian Quigley over 13 years
  
  I've added a bit there GregD. Nothing exciting to see really