![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 51%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EW%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 82%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBZ%3C/text%3E%3C/svg%3E)
Hi @wallst360 ,
In fact, powershell retrieves the IIS authentication settings by reading the applicationhost.config file. So if you read applicationhost.config file directly, there're only 6 authentication types under structure /system.webServer/security/authentication. Even you enable form authentication through IIS Manager, it still not show in this structure.
I did find examples of the below command returning a value of "forms". Would this be the equivalent of Forms Authentication = Enabled?
Yes, form authentication is recorded in structure system.web/authentication, the value you get is forms authentication. If you want to get Impersonation, its structure is system.web/identity. Powershell script is Get-WebConfigurationProperty -filter "system.web/identity" -name "impersonate".
Maybe you are wondering why they are not under one structure. This is a more complicated issue and it is difficult to explain clearly. Let me explain briefly and hope you can understand it.
From the perspective of IIS and ASP.NET (this is also a historical reason), the full name of Form authentication is ASP.NET Form authentication Mode. This means that it is essentially part of ASP.NET rather than IIS. In versions prior to IIS7, the request pipeline was divided into HTTP pipeline (IIS) and ASP.NET pipeline (ASP.NET runtime). The request will be processed in the HTTP pipeline first. IIS, as a hosting platform, will first process the static content. Only when a page with an extension of .aspx, .asmx or .ashx is requested will the request be handed over to the ASP.NET pipeline. Form Authentication will only process requests for asp.net.
After IIS7, the integrated IIS and ASP.NET pipeline is used, which allows all requests to use Form authentication, regardless of whether they are for asp.net requests. But this part of the upgrade modification is only IIS, and does not involve asp.net. So form authentication is still in "system.web".
About this you can refer to this docs.
From the perspective of authentication, windows authentication and anonymous authentication belong to website identity. Form authentication belongs to membership setting. The ultimate purpose of Form authentication is to grant the requester asp.net membership so that they can access certain permissions on the website. A very simple example is if you enable windows authentication and anonymous authentication at the same time, only one of them can be used. IIS does not let you verify one first and then verify the other, they cannot be parallel. But anonymous authentication and form authentication can be used at the same time. Because you need to allow users to anonymously access the login page of form authentication.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Best regards,
Bruce Zhang