Changing authentication mode for a given website

By Elliott Hamai

July 26, 2012

ApphostAuthOverride Provider

This is a new Web Deploy provider which will provide support for changing authentication mode for a given website. Many a times in enterprise environments applications want to choose their own authentication method using web.config file, but AppHostConfig file locks this setting. This means that if a developer tries to set his/her site's authentication settings, IIS will not obey it. The Application Host Authentication Override provider allows developers to configure how IIS locks an authentication setting on the server by adding a <location> tag for that setting within the server's applicationHost.config file. Here is an example of what that looks like in config:

<location path="siteName" overrideMode="Allow">
<system.webServer>
<security>
<authentication>
<windowsAuthentication />
</authentication>
</security>
</system.webServer>
</location>

Here is a few command line examples of how this could be done (msdeploy.exe is located under "%programfiles%\IIS\Microsoft Web Deploy V3"):

· Allow Windows Authentication on Destination at site = SiteName:

msdeploy.exe -source:ApphostAuthOverride -dest:ApphostauthOverride="<siteName>;windowsAuthentication=Allow"

· Allow ASP.Net Forms Authentication on Destination at site = SiteName:

msdeploy.exe -source:ApphostAuthOverride -dest:ApphostauthOverride="<siteName>;aspNetAuthentication=Allow"

· Deny Anonymous Authentication on Destination at site = SiteName:

msdeploy.exe -source:ApphostAuthOverride -dest:ApphostauthOverride="<siteName>;anonymousAuthentication=Deny"

· Reset Windows Authentication Setting on Destination at site = SiteName:

msdeploy.exe -dest:ApphostAuthOverride="<siteName>;windowsAuthentication"

Please note the sytax carefully, both <sitename" and authentication setting are part of -dest:ApphostAuthOverride value.