0

I've added an Application in IIS Manager beneath the Default Web Server. I want to confirm that the system.webServer and system.web settings in the application's web.config are scoped to the application and have no effect on the settings of the Default Web Server or on other applications. Is that correct?

For example, if windowsAuthentication is enabled for this particular application, that setting will affect this application and only this application:

<system.web>
  <authentication mode="Windows" />
  <authorization>
       <allow roles="myDomain\mySecurityGroup" />
       <deny users="?" />
   </authorization>
 </system.web>


<system.webServer>
   <security>
       <authentication>
          <windowsAuthentication enabled="true" />
       </authentication>
   </security>
</system.webServer>
Tim
  • 8,669
  • 31
  • 105
  • 183
  • https://learn.microsoft.com/en-us/iis/get-started/planning-your-iis-architecture/the-configuration-system-in-iis-7#hierarchy – Lex Li Jul 22 '20 at 12:39
  • "In the web content directories, there may be optional web.config files that control the behavior for their level of the hierarchy and downward." I would like to get clarification on what "level" means there. Are sibling applications beneath Default Web Site on the same "level"? Or is the documentation using "level" as a synonym for "tree node"? – Tim Jul 22 '20 at 13:26

1 Answers1

0

Yes, you are right, only does this application, it also contains the application located in the virtual directory of the website.
Besides, the system.web section is for configuring IIS6.0 and the system.webserver is used to configure IIS7.
Check these links for more details.
Difference between <system.web> and <system.webServer>?
http://arcware.net/use-a-single-web-config-for-iis6-and-iis7/
Feel free to let me know if there is anything I can help with.

Abraham Qian
  • 7,117
  • 1
  • 8
  • 22