Installing WindowsAuthentication breaks authentication / web.config?

Posted by Ian Quigley on Server Fault See other posts from Server Fault or by Ian Quigley
Published on 2011-01-11T10:23:35Z Indexed on 2012/11/21 11:07 UTC
Read the original article Hit count: 1591

Filed under:
|
|
|

I have a clean Windows 2008 R2 box (on a VM) and have installed IIS 7.5 with default options. I then copied a website to it (from Windows 7, IIS 7) and after a little tweaking the website is working fine.

The website is currently using and working with Anonymous Authentication.

I have gone back to the Windows Components/Sever Manager, Roles -> Security and ticked and installed Windows Authentication.

When I check my server in IIS (top level above sites) -> Authentication, I see
Anonymous Authentication (enabled)
ASP.NET Impersonation (disabled)
Forms Authentication (disbaled)
Windows Authentication (enabled)

When I check my default website -> Authentication, I see as above but "Retrieving status" and an error dialog saying

There was an error while performing this operation.  
Details:  
Filename c:\inetpub\wwwroot\screwturnwiki\web.config
Line number: 96
Error: This configuration section cannot be used in this path. This happens
when the section is being locked at the parent level. Locking is either by default
(overriderModeDefault="Deny"), or set explicity by a location tag with overrideMode="Deny"
or the legacy allowOverride="False".

I have tried hand editing the web.config with no success. (How to use locking in IIS7 Configuration)

UN-installing Windows Authentication happily returns my site to working with Anonymous Authentication, and allows me to enable/disable these three options.

FYI. I am using ScrewTurnWiki with the Active Directory plug in. It all works fine under Windows 7 IIS 7 locally (has been for months)

Web.Config

<system.webServer>
   (edit)
<handlers> ( deleted removes/adds )  </handlers>
<security>
    <authentication>
96:     <windowsAuthentication enabled="true" useKernelMode="true">
             <extendedProtection tokenChecking="Allow" />
             <providers>
                  <clear />
                  <add value="NTLM" />
                  <add value="Negotiate" />
             </providers>
        </windowsAuthentication>
    </authentication>
</security>

© Server Fault or respective owner

Related posts about windows-server-2008

Related posts about iis