Installing WindowsAuthentication breaks authentication / web.config?
Grr... RTFM on my part.
The answer was to edit the
%windir%\system32\inetsrv\config\applicationHost.config
File and remove the overrideModeDefault="Deny"
from the security section.
Related videos on Youtube
Ian Quigley
I wouldn't judge someone by their Stack-overflow account. I've thrown away an account with over 10k rep. Self awarded badges: [ Yawn ] [ Forgettable Post ] [ Top 100% ]
Updated on September 17, 2022Comments
-
Ian Quigley over 1 year
I have a clean Windows 2008 R2 box (on a VM) and have installed IIS 7.5 with default options. I then copied a website to it (from Windows 7, IIS 7) and after a little tweaking the website is working fine.
The website is currently using and working with Anonymous Authentication.
I have gone back to the Windows Components/Sever Manager, Roles -> Security and ticked and installed Windows Authentication.
When I check my server in IIS (top level above sites) -> Authentication, I see
Anonymous Authentication (enabled)
ASP.NET Impersonation (disabled)
Forms Authentication (disbaled)
Windows Authentication (enabled)When I check my default website -> Authentication, I see as above but "Retrieving status" and an error dialog saying
There was an error while performing this operation. Details: Filename c:\inetpub\wwwroot\screwturnwiki\web.config Line number: 96 Error: This configuration section cannot be used in this path. This happens when the section is being locked at the parent level. Locking is either by default (overriderModeDefault="Deny"), or set explicity by a location tag with overrideMode="Deny" or the legacy allowOverride="False".
I have tried hand editing the web.config with no success. (How to use locking in IIS7 Configuration)
UN-installing Windows Authentication happily returns my site to working with Anonymous Authentication, and allows me to enable/disable these three options.
FYI. I am using ScrewTurnWiki with the Active Directory plug in. It all works fine under Windows 7 IIS 7 locally (has been for months)
Web.Config
<system.webServer> (edit) <handlers> ( deleted removes/adds ) </handlers> <security> <authentication> 96: <windowsAuthentication enabled="true" useKernelMode="true"> <extendedProtection tokenChecking="Allow" /> <providers> <clear /> <add value="NTLM" /> <add value="Negotiate" /> </providers> </windowsAuthentication> </authentication> </security>
-
GregD over 13 yearsSo if it doesn't give away any confidential info, what does line 96 in your web.config say?
-
Ian Quigley over 13 yearsI've added a bit there GregD. Nothing exciting to see really
-