current community

your communities

more stack exchange communities

Stack Exchange
tour help
careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

I added an ASP.NET application under a virtual directory in Default Web Site. When I change the Authentication settings for a subfolder in the application (such as by disabling Anonymous Authentication) I can't find where the setting is being stored. There is no web.config being created in the subfolder, the application's root web.config is untouched and Process Monitor doesn't record any file writes either.

share|improve this question
    
the impersonation and windows authentication gets reflected in web.config, but anonymous doesn't. –  developer747 Feb 13 '13 at 2:51
    
Only unlocked sections get reflected in web.config. By default all Authentication options are locked and IIS Manager will save any changes to them using <location> tags in applicationHost.config. If the sections are unlocked in applicationHost.config, then any changes to the Authentication options will be stored in the local web.config. –  Locutus Feb 13 '13 at 4:30

2 Answers 2

up vote 0 down vote

I just did the same and linked the virtual directory to my smtp Pickup-Directory. Same result.

But: After I restarted the default Website und changed the settings, there was a web config in my smtp-pickup-directory.

share|improve this answer
    
It's isn't working. I created a new website altogether linked to the folder and when I change the Authentication settings there is no config file created anywhere after restarting the web site or IIS. Other settings create a web.config but Authentication doesn't. –  Locutus Feb 11 '13 at 8:24
    
The settings are saved in "C:\Windows\System32\inetsrv\config\applicationHost.config". –  Locutus Feb 11 '13 at 8:31
    
Ah, I see my mistake. I disabled anonymous and activated another auth maethod at the same time; then reactivated anonymous auth. Sorry –  Serv Feb 11 '13 at 8:43
    
I found that disabling Anonymous Authentication is never a good idea. The Authentication configuration sections (and all other locked sections) are usually administered by IIS server admins alone and usually don't need to be customised per application. Instead one should simply deny "All Anonymous Users" under Authorization instead, which creates a web.config in the corresponding folder. That will cause it to fall back to another enabled method in the Authentication section and won't break some other applicaion functionality like disabling Anonymous Authentication does. –  Locutus Feb 11 '13 at 10:31
up vote 3 down vote accepted

IIS Manager stores Authentication settings in "C:\Windows\System32\inetsrv\config\applicationHost.config" for any website or subfolder. The corresponding section needs to be copied out and into your local web.config.

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.