On my local machine, I work on multiple web sites and run them under IIS under a “Default” web site. That way I can access the sites through this type of URL: http://localhost/App1/. Here’s the structure:
LocalDev (site)
    App1 (application)
    App2 (application)
    App3 (application)
The problem I’m encountering is that in App1, I’m trying to enable Windows authentication on a subdirectory of App1, like this:
<configuration>
  <location path="internal">
    <system.web>
      <authentication mode="Windows"/>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>
Unfortunately, when I then try to access http://localhost/App1/internal/url.aspx, I get this error:
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
App1 is set up as an application, not a virtual directory. I’ve tried changing my machine.config to allow changing the authentication section anywhere:
<configuration>
  <configSections>
    <sectionGroup name="system.web" type="System.Web.Configuration.SystemWebSectionGroup, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
      <section name="authentication" type="System.Web.Configuration.AuthenticationSection, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="Everywhere"/>
    </sectionGroup>
  </configSections>
</configuration>
What do I have to do to allow my sites to set their own authentication modes?
You need to enable Windows authentication at the application level in the Web.config, then further define authorization at the folder level, allowing all users at the root and denying all unauthenticated for the internal folder.
In IIS, make sure both Anonymous Authentication and Windows Authentication are enabled for the application. Then, modify your Web.config as follows:
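A Web.config for App1 that follows the layout described in the answer above, written as an added example (it is not the answerer's own configuration). It assumes the protected folder is named internal, as in the question, and that this file sits in the root of the App1 application.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <!-- Application level (root of App1). The <authentication> section is
       registered as allowDefinition="MachineToApplication", so it belongs
       here and not inside a <location path="..."> block for a subfolder. -->
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <!-- The root of the application stays open to everyone,
           anonymous requests included. -->
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Folder level. Only <authorization> is overridden for /App1/internal;
       it may be defined at any level of the hierarchy. -->
  <location path="internal">
    <system.web>
      <authorization>
        <!-- "?" means anonymous users. Denying them makes the server answer
             with 401, which triggers the Windows authentication handshake. -->
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With this layout the allowDefinition="Everywhere" override in machine.config is not needed, since authentication is declared only at application level. Requests under /App1/internal then require a Windows identity while the rest of App1 remains reachable anonymously.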