%3CLINGO-SUB%20id%3D%22lingo-sub-1574045%22%20slang%3D%22en-US%22%3ESet%20up%20a%20public%20page%20in%20Windows%20Authentication%20protected%20website%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1574045%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20all%20of%20the%20pages%20in%20your%20website%20is%20protected%20by%26nbsp%3B%3CSTRONG%3EWindows%20Authentication%3C%2FSTRONG%3E%2C%20use%20the%20configuration%20to%20enable%20public%20access%20to%20certain%20pages.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20idea%20is%20to%20protect%20the%20entire%20website%20and%20create%20an%20exception%20for%20the%20public%20page.%20Here%20are%20the%20steps%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EEnable%20Windows%20Authentication%20and%20disable%20Anonymous%20Authentication%20(This%20is%20how%20the%20Windows%20Authentication%20should%20be%20set%20-%20Anonymous%20Authentication%20should%20be%20disabled)%3C%2FLI%3E%0A%3CLI%3EIn%20the%20web.config%20file%2C%20use%26nbsp%3Blocation%26nbsp%3Btag%20to%20allow%20Anonymous%20access%20to%20a%20certain%20page%3A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-html%22%3E%3CCODE%3E%3CCONFIGURATION%3E%0A%3CSYSTEM.WEB%3E%20%0A%20%20%20%20%20%20%20%20%3CAUTHORIZATION%3E%20%0A%20%20%20%20%20%20%20%20%20%20%20%20%3CALLOW%20users%3D%22*%22%3E%3C%2FALLOW%3E%0A%20%20%20%20%20%20%20%20%20%20%20%20%3CDENY%20users%3D%22%3F%22%3E%3C%2FDENY%3E%0A%20%20%20%20%20%20%20%20%3C%2FAUTHORIZATION%3E%20%0A%3C%2FSYSTEM.WEB%3E%20%0A%0A%3CLOCATION%20path%3D%22test%E2%80%9D%26gt%3B%0A%20%20%20%20%26lt%3Bsystem.webServer%26gt%3B%0A%20%20%20%20%20%20%20%20%26lt%3Bsecurity%26gt%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%26lt%3Bauthentication%26gt%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%26lt%3BanonymousAuthentication%20enabled%3D%22%20true%3D%22%22%3E%3C%2FLOCATION%3E%0A%20%20%20%20%20%20%20%20%20%20%20%20%3C%2FCONFIGURATION%3E%0A%20%20%20%20%20%20%20%20%3C%2FCODE%3E%3C%2FPRE%3E%3C%2FLINGO-BODY%3E%0A%20%20%20%20%0A%0A%0A%3CSYSTEM.WEBSERVER%3E%0A%20%20%20%20%20%3CMODULES%20runallmanagedmodulesforallrequests%3D%22true%22%3E%3C%2FMODULES%3E%0A%3C%2FSYSTEM.WEBSERVER%3E%0A%0A%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20configuration%20allows%20anonymous%20access%20to%20the%20test%20folder.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESet%20%3CCODE%3ErunAllManagedModulesForAllRequests%3C%2FCODE%3E%20parameter%20to%20%3CCODE%3Etrue%3C%2FCODE%3E%20for%20making%20sure%20the%20managed%20modules%20process%20all%20requests.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20page%20may%20throw%20an%20error%20about%20not%20being%20able%20to%20override%20the%20authentication%20settings.%20If%20you%20run%20into%20this%20issue%2C%20go%20to%20applicationHost.config%20file%20and%20set%20%3CCODE%3EoverrideModeDefault%3C%2FCODE%3E%20to%20%3CCODE%3EAllow%3C%2FCODE%3E.%3C%2FP%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1574045%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20all%20of%20the%20pages%20in%20your%20website%20is%20protected%20by%20Windows%20Authentication%2C%20use%20the%20configuration%20to%20enable%20public%20access%20to%20certain%20pages.%3C%2FP%3E%3C%2FLINGO-TEASER%3E
Microsoft

If all of the pages in your website is protected by Windows Authentication, use the configuration to enable public access to certain pages.

 

The idea is to protect the entire website and create an exception for the public page. Here are the steps:

  • Enable Windows Authentication and disable Anonymous Authentication (This is how the Windows Authentication should be set - Anonymous Authentication should be disabled)
  • In the web.config file, use location tag to allow Anonymous access to a certain page:

 

 

<configuration>
<system.web> 
        <authorization> 
            <allow users="*" />
            <deny users="?" />
        </authorization> 
</system.web> 

<location path="test”>
    <system.webServer>
        <security>
            <authentication>
                <anonymousAuthentication enabled="true" />
            </authentication>
        </security>
    </system.webServer>
</location>

<system.webServer>
     <modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
</configuration>

 

 

This configuration allows anonymous access to the test folder.

 

Set runAllManagedModulesForAllRequests parameter to true for making sure the managed modules process all requests.

 

The page may throw an error about not being able to override the authentication settings. If you run into this issue, go to applicationHost.config file and set overrideModeDefault to Allow.