Using anonymous and basic authentication in the same folder under IIS7

Question

I have a have Winforms client that uses Web services on a IIS7 (W2008)

The client will first access a first.asmx page with anonymous aaccess, then access second.asmx with basic authentication (over SSL). This works fine in IIS6 where I can set first file to have anonymous authentication and the second file to have basic authentication.

When I move to IIS7 there seems to be a problem having two different authentication modes in the same virtual folder. Does anyone know how this is intended to work?

I have thought about fixing this with ACLs but it seems tricky.. or maybe move the anonymous first.asmx file to its own virtual folder. Any thoughts?

Regards Fredrik

Answer 1

check this out Did you know: Enable File Level Authentication in IIS 7 / 7.5

you can manually set the Authentication by go to the Content View -> right click on the file and click "Switch to Features View"

optionally, we can directly add the authentication for individual web pages in the applicationHost.config file

<location path="Default Web Site/iisstart.htm">
    <system.webServer>
        <security>
            <authentication>
                <anonymousAuthentication enabled="true" />
                <basicAuthentication enabled="false" />
                <windowsAuthentication enabled="false" />
            </authentication>
        </security>
    </system.webServer>
</location>
<location path="Default Web Site/welcome.png">
    <system.webServer>
        <security>
            <authentication>
                <anonymousAuthentication enabled="false" />
                <basicAuthentication enabled="true" />
                <windowsAuthentication enabled="false" />
            </authentication>
        </security>
    </system.webServer>
</location>

Regards, Vivek.