Changing authentication mode for a given website

by Elliott Hamai

ApphostAuthOverride Provider

This is a new Web Deploy provider which will provide support for changing authentication mode for a given website. Many a times in enterprise environments applications want to choose their own authentication method using web.config file, but AppHostConfig file locks this setting. This means that if a developer tries to set his/her site's authentication settings, IIS will not obey it. The Application Host Authentication Override provider allows developers to configure how IIS locks an authentication setting on the server by adding a <location> tag for that setting within the server's applicationHost.config file. Here is an example of what that looks like in config:

<location path="siteName" overrideMode="Allow">
    <system.webServer>
        <security>
            <authentication>
                <windowsAuthentication />
            </authentication>
        </security>
    </system.webServer>
</location>

Here is a few command line examples of how this could be done (msdeploy.exe is located under %programfiles%\IIS\Microsoft Web Deploy V3):

· Allow Windows Authentication on Destination at site = SiteName:

msdeploy.exe -source:ApphostAuthOverride -dest:ApphostauthOverride="<siteName>;windowsAuthentication=Allow"

· Allow ASP.Net Forms Authentication on Destination at site = SiteName:

msdeploy.exe -source:ApphostAuthOverride -dest:ApphostauthOverride="<siteName>;aspNetAuthentication=Allow"

· Deny Anonymous Authentication on Destination at site = SiteName:

msdeploy.exe -source:ApphostAuthOverride -dest:ApphostauthOverride="<siteName>;anonymousAuthentication=Deny"

· Reset Windows Authentication Setting on Destination at site = SiteName:

msdeploy.exe -dest:ApphostAuthOverride="<siteName>;windowsAuthentication"

Please note the syntax carefully, both <sitename" and authentication setting are part of -dest:ApphostAuthOverride value.