Home/ Questions/Q 3934126
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T23:40:48+00:00

I’m trying to add a directory for anon access in IIS 7.5. It works

  • 0

I’m trying to add a directory for anon access in IIS 7.5. It works under Web Dev but not IIS 7.5

I’m currently using this web.config in the directory. This is a directory with style sheets:

<?xml version="1.0"?>
<!-- 
    Note: As an alternative to hand editing this file you can use the 
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in 
    machine.config.comments usually located in 
    \Windows\Microsoft.Net\Framework\v2.x\Config 
-->

    <configuration>
        <appSettings/>
        <connectionStrings/>
        <system.web>
            <authorization>

                <allow users="*" />

            </authorization>

        </system.web>
    </configuration>

Update:

I’ve went to the folder and under Authentication, I’ve changed anonymous authentication from IIS_USR to pool. This seems to have correct it.

I will reward anyone who provides a very good explanation and resources for understanding this setting. Also, how to apply it globally would be good to know — for all folders.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Since you answered your own question, here is the explanation that might help

    Authorization deals with who IIS will offer resources to. Those resources, however, have their own security as they are just files on a file system.

    The Authentication element in the config assists in determining how IIS will identify a user’s requests after its accepted and as it accesses resources beyond/external to IIS.

    This is set at the site level, typically in the applicationHost.config file for your server. It can, if properly setup, be overridden at the site level.

    IIS.net pages about this:

    http://www.iis.net/ConfigReference/system.webServer/security/authorization/add

    http://www.iis.net/ConfigReference/system.webServer/security/authentication/anonymousAuthentication

    The .config version of what you did in the UI is:

    <location path="/yourSite">
   <system.webServer>
      <security>
         <authentication>
            <anonymousAuthentication enabled="true" username="" />
          </authentication>
      </security>
   </system.webServer>
</location>

    On the anon. auth method, the username field is who IIS will impersonate when resources are accessed. When you don’t specify one, it defaults to use the identity of the apppool.

    Now, as to why this mattered … check the actual file on disk (the .css). If this fixed the problem that would mean IUSR doesn’t have access to read that file.

    • 0