Installing WindowsAuthentication breaks authentication / web.config?
- by Ian Quigley
I have a clean Windows 2008 R2 box (on a VM) and have installed IIS 7.5 with default options. I then copied a website to it (from Windows 7, IIS 7) and after a little tweaking the website is working fine.
The website is currently using and working with Anonymous Authentication.
I have gone back to the Windows Components/Sever Manager, Roles - Security and ticked and installed Windows Authentication.
When I check my server in IIS (top level above sites) - Authentication, I see
Anonymous Authentication (enabled)
ASP.NET Impersonation (disabled)
Forms Authentication (disbaled)
Windows Authentication (enabled)
When I check my default website - Authentication, I see as above but "Retrieving status" and an error dialog saying
There was an error while performing this operation.
Details:
Filename c:\inetpub\wwwroot\screwturnwiki\web.config
Line number: 96
Error: This configuration section cannot be used in this path. This happens
when the section is being locked at the parent level. Locking is either by default
(overriderModeDefault="Deny"), or set explicity by a location tag with overrideMode="Deny"
or the legacy allowOverride="False".
I have tried hand editing the web.config with no success. (How to use locking in IIS7 Configuration)
UN-installing Windows Authentication happily returns my site to working with Anonymous Authentication, and allows me to enable/disable these three options.
FYI. I am using ScrewTurnWiki with the Active Directory plug in. It all works fine under Windows 7 IIS 7 locally (has been for months)
Web.Config
<system.webServer>
(edit)
<handlers> ( deleted removes/adds ) </handlers>
<security>
<authentication>
96: <windowsAuthentication enabled="true" useKernelMode="true">
<extendedProtection tokenChecking="Allow" />
<providers>
<clear />
<add value="NTLM" />
<add value="Negotiate" />
</providers>
</windowsAuthentication>
</authentication>
</security>