Anonymous access and NTLM authentication in IIS

Question

I have a server set up with IIS, and my site has some pages which should allow anonymous access and some pages which should require the "Integrated Windows authentication". On the Authentication Method screen in IIS it looks like you can enable both "Integrated Windows Authentication" and anonymous access, but the documentation I've read seems to indicate you can only use one or the other.

Does anyone know how to allow anonymous access to some pages and require NTLM authentication on others?

Thanks,

possible duplicate of [How to support NTLM authentication with fall-back to form in ASP.NET MVC?](http://stackoverflow.com/questions/4027911/how-to-support-ntlm-authentication-with-fall-back-to-form-in-asp-net-mvc) — Neil, Jan 15 '14 at 17:33

score 9 · Answer 1 · answered Jan 29 '09 at 19:51

Enabling both Anonymous Access and Windows Authentication means it will try Anonymous Access first, if that fails it will fall back to Windows Authentication. If you need to do both, you can either do as suggested with the web.config, or put the pages that need protection in a sub-folder in IIS, and enable only windows authentication on that.

score 4 · Accepted Answer · edited Dec 06 '14 at 16:41

4

You have to use the authorization section in web.config.

To make only specific folders require authentication, you can have web.config with only the authorization element in subfolders like so:

<configuration>
   <system.web>
      <authorization>
         <deny users="?" />
      </authorization>
   </system.web>
</configuration>

edited Dec 06 '14 at 16:41

GSerg

76,472
17
159
346

answered Jan 29 '09 at 19:13

Daniel Schaffer

56,753
31
116
165

Anonymous access and NTLM authentication in IIS

2 Answers2

Linked