Enable authentication for IIS app in PowerShell

You don't need separate -PSPath and -Location parameters. You can combine them like this:

-PSPath "IIS:\Sites\$SiteName\$AppName"

So the actual command will look like this:

Set-WebConfigurationProperty -Filter "/system.webServer/security/authentication/windowsAuthentication" -Name Enabled -Value True -PSPath "IIS:\Sites\$SiteName\$AppName"

Note that you may run into this error:

Set-WebConfigurationProperty : This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".

Tomfanning over at ServerFault provided the solution here. I have repeated his steps here:

  1. Open IIS Manager
  2. Click the server name in the tree on the left
  3. Right hand pane, Management section, double click Configuration Editor
  4. At the top, choose the section system.webServer/security/authentication/anonymousAuthentication
  5. Right hand pane, click Unlock Section
  6. At the top, choose the section system.webServer/security/authentication/windowsAuthentication
  7. Right hand pane, click Unlock Section

I had the issue of dealing with locked sections, and the accepted answer proposes opening up a GUI to solve it, which I am trying to avoid with PowerShell in the first place.

Short Answer

Enable Windows Authentication and Disable Anonymous Authentication

$iisSiteName = "Default Web Site"
$iisAppName = "MyApp"

Write-Host 'Disable anonymous authentication'
Set-WebConfigurationProperty -Filter '/system.webServer/security/authentication/anonymousAuthentication' -Name 'enabled' -Value 'false' -PSPath 'IIS:\' -Location "$iisSiteName/$iisAppName"

Write-Host 'Enable windows authentication'
Set-WebConfigurationProperty -Filter '/system.webServer/security/authentication/windowsAuthentication' -Name 'enabled' -Value 'true' -PSPath 'IIS:\' -Location "$iisSiteName/$iisAppName"

Dealing with Locked Sections

As noted in the IIS documentation:

Authentication sections are usually locked, i.e. they can't be written to a web.config file but have to be written to the central applicationhost.config file instead.

We have to use -PSPath and -Location parameters.

Set-WebConfigurationProperty -filter /system.webServer/security/authentication/windowsAuthentication -name enabled -value true -PSPath IIS:\ -location DemoSite/DemoApp
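
The approach from the answers above, wrapped into one function that writes both settings to applicationHost.config through -PSPath 'IIS:\' and -Location and then reads them back so a silent misconfiguration fails loudly. This is an added example, not code from either answer; the function name Set-IisAppAuthentication is made up for illustration, and it assumes an elevated session with the WebAdministration module available.

```powershell
Import-Module WebAdministration

# Hypothetical helper; the name is chosen for this example only.
function Set-IisAppAuthentication {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$SiteName,
        [Parameter(Mandatory)][string]$AppName
    )

    $base     = '/system.webServer/security/authentication'
    $location = "$SiteName/$AppName"
    # Desired end state: anonymous off, Windows authentication on.
    $desired  = [ordered]@{
        anonymousAuthentication = $false
        windowsAuthentication   = $true
    }

    foreach ($name in $desired.Keys) {
        $filter = "$base/$name"

        # Report the lock state as seen from the application path. 'Deny' is the
        # condition behind the "cannot be used at this path" error quoted above.
        $section = Get-WebConfiguration -Filter $filter -PSPath "IIS:\Sites\$SiteName\$AppName"
        Write-Verbose "$name OverrideModeEffective: $($section.OverrideModeEffective)"

        # Write into a <location> tag in applicationHost.config, which works
        # for locked sections without unlocking them server-wide.
        Set-WebConfigurationProperty -Filter $filter -Name 'enabled' `
            -Value $desired[$name] -PSPath 'IIS:\' -Location $location
    }

    # Read the values back and stop if the effective state is not the intended one.
    foreach ($name in $desired.Keys) {
        $actual = (Get-WebConfigurationProperty -Filter "$base/$name" -Name 'enabled' `
            -PSPath 'IIS:\' -Location $location).Value
        if ([bool]$actual -ne $desired[$name]) {
            throw "$name on '$location' is enabled=$actual, expected $($desired[$name])"
        }
        [pscustomobject]@{ Location = $location; Section = $name; Enabled = [bool]$actual }
    }
}

# Usage: Set-IisAppAuthentication -SiteName 'DemoSite' -AppName 'DemoApp' -Verbose
```

Because the write goes to a location tag rather than unlocking the section, web.config files under the application still cannot re-enable anonymous authentication on their own.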