Changing authentication mode for a given website
ApphostAuthOverride Provider
This is a new Web Deploy provider which will provide support for changing authentication mode for a given website. Many a times in enterprise environments applications want to choose their own authentication method using web.config file, but AppHostConfig file locks this setting. This means that if a developer tries to set his/her site's authentication settings, IIS will not obey it. The Application Host Authentication Override provider allows developers to configure how IIS locks an authentication setting on the server by adding a <location>
tag for that setting within the server's applicationHost.config file. Here is an example of what that looks like in config:
<location path="siteName" overrideMode="Allow">
<system.webServer>
<security>
<authentication>
<windowsAuthentication />
</authentication>
</security>
</system.webServer>
</location>
Here is a few command line examples of how this could be done (msdeploy.exe is located under %programfiles%\IIS\Microsoft Web Deploy V3
):
· Allow Windows Authentication on Destination at site = SiteName:
msdeploy.exe -source:ApphostAuthOverride -dest:ApphostauthOverride="<siteName>;windowsAuthentication=Allow"
· Allow ASP.Net Forms Authentication on Destination at site = SiteName:
msdeploy.exe -source:ApphostAuthOverride -dest:ApphostauthOverride="<siteName>;aspNetAuthentication=Allow"
· Deny Anonymous Authentication on Destination at site = SiteName:
msdeploy.exe -source:ApphostAuthOverride -dest:ApphostauthOverride="<siteName>;anonymousAuthentication=Deny"
· Reset Windows Authentication Setting on Destination at site = SiteName:
msdeploy.exe -dest:ApphostAuthOverride="<siteName>;windowsAuthentication"
Please note the syntax carefully, both <sitename" and authentication setting are part of -dest:ApphostAuthOverride value.