I'm trying to set authentication settings directly to the app level and IIS doesn't seem to be accepting it.
I'm running IIS 8.5 on 2012 R2.
Here's what happen when I disable all authentication methods at server level (note my selection in the left sidebar):
Results into this, which is exactly what I would expect:
Now, if I re-enable Anonymous Authentication at server level, and do the same thing at the app-level:
I get the following, which is the content of my static HTML page:
So if I disable all authentication methods, it still goes through, which it shouldn't.
It's reading the web.config file fine, I've confirmed it by inserting gibberish into it, and it pops the generic "an error has occurred" page. I've also confirmed it by checking with process monitor, to make sure it was reading the proper web.config file.
The same thing happens when I try to setup failed request logging. At app-level, nothing gets logged, but at server level, I get a log, which doesn't contain much. If I turn on Windows Auth only (without anonymous) on the app, I can see in the failed request log that it doesn't try to do anything else than anonymous authentication.
I have tried to re-install IIS through the remove/add role wizards, but still no go.
Anyone has a clue as to what I can try next?
Best Answer
Turns out that our IIS install script included the following:
Which essentially changes the default setting for all application pools that disabled any configuration override. Essentially, this turned off the ability to use web.config files within our sites.
That would definitely do it. I couldn't see anything in the UI for the
enableConfigurationOverrideoption.So I just ran the following in Powershell to fix the issue: