Enable authentication for IIS app in Powershell
You don't need separate -PSPath
and -Location
parameters. You can combine them like this:
-PSPath "IIS:\Sites\$SiteName\$AppName"
So the actual command will look like this:
Set-WebConfigurationProperty -Filter "/system.webServer/security/authentication/windowsAuthentication" -Name Enabled -Value True -PSPath "IIS:\Sites\$SiteName\$AppName"
Note that you may run into this error:
Set-WebConfigurationProperty : This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
Tomfanning over at ServerFault provided the solution here. I have repeated his steps here:
- Open IIS Manager
- Click the server name in the tree on the left
- Right hand pane, Management section, double click Configuration Editor
- At the top, choose the section system.webServer/security/authentication/anonymousAuthentication
- Right hand pane, click Unlock Section
- At the top, choose the section system.webServer/security/authentication/windowsAuthentication
- Right hand pane, click Unlock Section
I had the issue of dealing with locked sections and the accepted answer proposes opening up a GUI to solve it, which I am trying to avoid with PowerShell in first place.
Short Answer
Enable Windows Authentication and Disable Anonymous Authentication
$iisSiteName = "Default Web Site"
$iisAppName = "MyApp"
Write-Host Disable anonymous authentication
Set-WebConfigurationProperty -Filter '/system.webServer/security/authentication/anonymousAuthentication' -Name 'enabled' -Value 'false' -PSPath 'IIS:\' -Location "$iisSiteName/$iisAppName"
Write-Host Enable windows authentication
Set-WebConfigurationProperty -Filter '/system.webServer/security/authentication/windowsAuthentication' -Name 'enabled' -Value 'true' -PSPath 'IIS:\' -Location "$iisSiteName/$iisAppName"
Dealing with Locked Sections
As noted in the IIS documentation:
Authentication sections are usually locked, i.e. they can't be written to a web.config file but have to be written to the central applicationhost.config file instead.
We have to use -PSPath
and -Location
parameters.
Set-WebConfigurationProperty -filter /system.webServer/security/authentication/windowsAuthentication -name enabled -value true -PSPath IIS:\ -location DemoSite/DemoApp