IIS 7+ How To Change Authentication Mode of a Single File

At a client of mine there is a hardware loadbalancer in place. SharePoint usually runs via NLB (Network Loadbalancing), but Hardware Loadbalancing works, too.

This specific Loadbalancer is sticky (first request from a certain ip is routed to one of the servers in the rotation, every next request is then routed there as well).

To make sure no servers are in the rotation (round-robin) it polls a specific url ([my web site url]/index.html) without using a service account, i.e. a head request will send 401, if windows authentication is set up for the IIS-Site.

In consequence this means for the HLB all servers of the rotation seem to be offline, because 401 is not a valid return code (it requires servers to respond with a 200 code).
If you need more information on what 200, 401, 404 and all the others mean, then check this link: Return Codes.

For the last six months I have been looking all over the internet how to allow anonymous authentication on a single file either via modules of the IIS UI or the web.config. The reasoning behind only doing it on one file is, well, security-related of course as well as web-services related. Some web-services don’t work if anonymous authentication is set for the complete web site.

Now, per chance I found the resolution to the issue. This has caused me endless pain, so I wanted to share.

IS file permissions are not set using Windows Explorer they must be set from with IIS.

Open up your IIS console, and on your left, under sites, click on your website.

Switch to content view by clicking the button at the bottom, then find the file you want to change the permissions on. Right click this file and select ‘switch to features view’

On the middle pane, you should be able to click on the authentication icon. Right click on anonymous authentication and select enable. This will enable anonymous authentication only for that file.


3 Responses to IIS 7+ How To Change Authentication Mode of a Single File

  1. YouSpeakTruth says:

    Nice! This was helpful.

  2. Sack says:

    Unfortunately this does not work in reverse order. (All files accessable anonymously except one)

    • sp2007hut says:

      To my knowledge this is correct, however have you tried creating a sub application, this would result in its own subfolder with own permissions.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: