Mixed Authentication in IIS7

Process for Mixed Authentication

Configuration in IIS7 Integration Mode

There're some breaking changes in IIS 7, so the configuration is different from that we done on IIS6.

1. Unlock Authentication Section.

 Run below in command line to unlock the section. By default it's locked in IIS7.

%windir%system32inetsrvappcmd unlock config /section:anonymousAuthentication 
%windir%system32inetsrvappcmd unlock config /section:windowsAuthentication

2. Add below in Web.Config

Pay attention to the responseMode attribute of error redirect section. It must be "File" instead of  "ExecuteURL" or "Redirect"

<location path="WinLogin.aspx">
<system.webServer>
 <security>
  <authentication>
   <windowsAuthentication enabled="true" />
   <anonymousAuthentication enabled="false" />
  </authentication>
 </security>
 <httpErrors>
  <remove statusCode="403" subStatusCode="-1" />
  <remove statusCode="401" subStatusCode="-1" />
  <error statusCode="401" prefixLanguageFilePath="" path="redirect401.htm" responseMode="File" />
  <error statusCode="403" prefixLanguageFilePath="" path="redirect401.htm" responseMode="File" />
 </httpErrors>
</system.webServer>
</location> 
<location path="WebLogin.aspx">
<system.web>
 <authorization>
<allow users="?,*" />
 </authorization>
</system.web>
<system.webServer>
 <security>
  <authentication>
   <windowsAuthentication enabled="false" />
   <anonymousAuthentication enabled="true" />
  </authentication>
 </security>
</system.webServer>
</location>
<location path="Redirect401.htm">
<system.web>
 <authorization>
  <allow users="?,*" />
 </authorization>
</system.web>
<system.webServer>
 <security>
  <authentication>
   <windowsAuthentication enabled="false" />
   <anonymousAuthentication enabled="true" />
  </authentication>
 </security>
</system.webServer>
</location>
<location path="Images">
<system.web>
 <authorization>
  <allow users="?,*" />
 </authorization>
</system.web>
<system.webServer>
 <security>
  <authentication>
   <windowsAuthentication enabled="false" />
   <anonymousAuthentication enabled="true" />
  </authentication>
 </security>
</system.webServer>
</location>

3. Make sure the Anonymous user identity can access web site directory

By default the identify is "IUSR", need to grant read access to the web site directory.