Changing authentication mode for a given website

by Elliott Hamai

ApphostAuthOverride Provider

This is a new Web Deploy provider which will provide support for changing authentication mode for a given website. Many a times in enterprise environments applications want to choose their own authentication method using web.config file, but AppHostConfig file locks this setting. This means that if a developer tries to set his/her site's authentication settings, IIS will not obey it. The Application Host Authentication Override provider allows developers to configure how IIS locks an authentication setting on the server by adding a <location> tag for that setting within the server's applicationHost.config file. Here is an example of what that looks like in config:

<location path="siteName" overrideMode="Allow">
	<system.webServer>
		<security>
			<authentication>
				<windowsAuthentication />
			</authentication>
		</security>
	</system.webServer>
</location>

Here is a few command line examples of how this could be done (msdeploy.exe is located under %programfiles%\IIS\Microsoft Web Deploy V3):

· Allow Windows Authentication on Destination at site = SiteName:

msdeploy.exe -source:ApphostAuthOverride -dest:ApphostauthOverride="<siteName>;windowsAuthentication=Allow"

· Allow ASP.Net Forms Authentication on Destination at site = SiteName:

msdeploy.exe -source:ApphostAuthOverride -dest:ApphostauthOverride="<siteName>;aspNetAuthentication=Allow"

· Deny Anonymous Authentication on Destination at site = SiteName:

msdeploy.exe -source:ApphostAuthOverride -dest:ApphostauthOverride="<siteName>;anonymousAuthentication=Deny"

· Reset Windows Authentication Setting on Destination at site = SiteName:

msdeploy.exe -dest:ApphostAuthOverride="<siteName>;windowsAuthentication"

Please note the sytax carefully, both <sitename" and authentication setting are part of -dest:ApphostAuthOverride value.