When I switch my ASP.NET MVC project from Cassini web server to IIS Express, this is added to my applicationhost.config file:
<location path="MyProject">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="false" />
</authentication>
</security>
</system.webServer>
</location>
It's causing the site not to load with 401.2 - Unauthorized and I can't fix it on the Web.config level - it will then complain that the section is locked at parent level (HTTP 500.19).
I can fix it by amending the applicationhost.config file but I don't understand why I should need to when no such section is added for a vanilla ASP.NET MVC project. What can be wrong?
I'm using VS 11 beta but also confirmed this weird behavior in 2010 SP1. IIS Express says it's version 7.5.
It was because for some reason, this was in my csproj file:
<IISExpressAnonymousAuthentication>disabled</IISExpressAnonymousAuthentication>
Setting it to enabled fixes the issue (it can also be done from Visual Studio, select project, F4, set Anonymous Authentication in the properties grid to Enabled).
please right click on the project and select use iis express before pressing F4.
Sometimes ago, I faced the same difficulty, but it was little different from what I see over here. In my laptop I have both VS 08 and VS 13, and SQL Server 2008 R2 and 11G XE. For websites connecting to R2 has never been a problem, but when I was trying to build a website using oracle membership with asp.net, I found that pages open but pages under folder with roles are not opening and giving me the access denied error. Though the folder had a proper web.config inside and the user created with the same role, still it was throwing up the same error. Finally I realized I need the authentication mechanism going and so I added the following code in the system.web of web.config:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All" slidingExpiration="true"
timeout="90" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
<identity impersonate="false"/>
<trace
enabled="false"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="true"
/>
And it did work, now my authenticated users can loginto designated folders! I hope this might help someone who faced issues similar to me.
来源:https://stackoverflow.com/questions/9743550/iis-express-is-automatically-disabling-anonymous-authentication-for-my-project