IIS 7+ How To Change Authentication Mode of a Single File

At a client of mine there is a hardware loadbalancer in place. SharePoint usually runs via NLB (Network Loadbalancing), but Hardware Loadbalancing works, too.

This specific Loadbalancer is sticky (first request from a certain ip is routed to one of the servers in the rotation, every next request is then routed there as well).

To make sure no servers are in the rotation (round-robin) it polls a specific url ([my web site url]/index.html) without using a service account, i.e. a head request will send 401, if windows authentication is set up for the IIS-Site.

In consequence this means for the HLB all servers of the rotation seem to be offline, because 401 is not a valid return code (it requires servers to respond with a 200 code).
If you need more information on what 200, 401, 404 and all the others mean, then check this link: Return Codes.

For the last six months I have been looking all over the internet how to allow anonymous authentication on a single file either via modules of the IIS UI or the web.config. The reasoning behind only doing it on one file is, well, security-related of course as well as web-services related. Some web-services don’t work if anonymous authentication is set for the complete web site.

Now, per chance I found the resolution to the issue. This has caused me endless pain, so I wanted to share.

IS file permissions are not set using Windows Explorer they must be set from with IIS.

Open up your IIS console, and on your left, under sites, click on your website.

Switch to content view by clicking the button at the bottom, then find the file you want to change the permissions on. Right click this file and select ‘switch to features view’

On the middle pane, you should be able to click on the authentication icon. Right click on anonymous authentication and select enable. This will enable anonymous authentication only for that file.