Reputation: 6353
Authorize a directory for anonymous users IIS 7.5?
I'm trying to add a directory for anon access in IIS 7.5. It works under Web Dev but not IIS 7.5
I'm currently using this web.config in the directory. This is a directory with style sheets:
<?xml version="1.0"?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</configuration>
Update:
I've went to the folder and under Authentication, I've changed anonymous authentication from IIS_USR to pool. This seems to have correct it.
I will reward anyone who provides a very good explanation and resources for understanding this setting. Also, how to apply it globally would be good to know -- for all folders.
Upvotes: 6
Views: 14218
Answers (2)
Reputation: 8007
Since you answered your own question, here is the explanation that might help
Authorization deals with who IIS will offer resources to. Those resources, however, have their own security as they are just files on a file system.
The Authentication element in the config assists in determining how IIS will identify a user's requests after its accepted and as it accesses resources beyond/external to IIS.
This is set at the site level, typically in the applicationHost.config file for your server. It can, if properly setup, be overridden at the site level.
IIS.net pages about this:
http://www.iis.net/ConfigReference/system.webServer/security/authorization/add
http://www.iis.net/ConfigReference/system.webServer/security/authentication/anonymousAuthentication
The .config version of what you did in the UI is:
<location path="/yourSite">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="true" username="" />
</authentication>
</security>
</system.webServer>
</location>
On the anon. auth method, the username field is who IIS will impersonate when resources are accessed. When you don't specify one, it defaults to use the identity of the apppool.
Now, as to why this mattered ... check the actual file on disk (the .css). If this fixed the problem that would mean IUSR doesn't have access to read that file.
Upvotes: 7
Reputation: 37533
You don't have a location defined for your authorization. You also don't specify what sort of authentication you're using within the web.config (if any).
<location path="/">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Upvotes: 0
Related Questions
- ASP.NET Identity - protecting a directory from unauthenticated users
- Allow Anonymous Access to a single file in IIS
- How to allow anonymous user access to virtual directory
- How to allow access to a web folder only to authenticated users
- Allow anonymous access to a directory in a IIS site that uses Windows Authentication
- IIS 7.5 Integrated Authentication NTFS Folder Permissions without Impersonation
- In IIS7, how can I require Authentication on specific directories?
- IIS 7.5/ASP.NET - Anonymous access to everything except one directory - how?
- asp.net folder authorization
- Anonymous access IIS