Enable authentication for IIS app in Powershell

Jay Nanavaty picture Jay Nanavaty · Jul 2, 2014 · Viewed 32.5k times · Source

I know how you set this for IIS web site by following command:

Set-WebConfigurationProperty -filter "/system.webServer/security/authentication/windowsAuthentication" -name enabled -value true -PSPath "IIS:\" -location $siteName

But I want to set it for the applications inside that website. For example, I have IIS website named "MySite" and inside that, there are two applications. I want to enable Windows authentication for one and not for the other. So enabling at site level will be enabled for both and that is what I don't want.

Answer

Rick Glos picture Rick Glos · Jul 14, 2015

I had the issue of dealing with locked sections and the accepted answer proposes opening up a GUI to solve it, which I am trying to avoid with PowerShell in first place.

Short Answer

Enable Windows Authentication and Disable Anonymous Authentication

$iisSiteName = "Default Web Site"
$iisAppName = "MyApp"

Write-Host Disable anonymous authentication
Set-WebConfigurationProperty -Filter '/system.webServer/security/authentication/anonymousAuthentication' -Name 'enabled' -Value 'false' -PSPath 'IIS:\' -Location "$iisSiteName/$iisAppName"

Write-Host Enable windows authentication
Set-WebConfigurationProperty -Filter '/system.webServer/security/authentication/windowsAuthentication' -Name 'enabled' -Value 'true' -PSPath 'IIS:\' -Location "$iisSiteName/$iisAppName"

Dealing with Locked Sections

As noted in the IIS documentation:

Authentication sections are usually locked, i.e. they can't be written to a web.config file but have to be written to the central applicationhost.config file instead.

We have to use -PSPath and -Location parameters.

Set-WebConfigurationProperty -filter /system.webServer/security/authentication/windowsAuthentication -name enabled -value true -PSPath IIS:\ -location DemoSite/DemoApp