Rectangle 27 0

iis 7 IIS 7.5ASP.NET Anonymous access to everything except one directory how?


On Windows Server 2008 R2 with IIS 7.5 you need to execute Windows Explorer run as Administrator by right clicking it to get admin privileges to modify anything in that folder. Add the application pool identity to the ACL of the c:\inetpub\wwwroot... folder with read and execute permissions.

Note
Rectangle 27 0

iis 7 IIS 7.5ASP.NET Anonymous access to everything except one directory how?


<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <security>
            <authorization>
                <remove users="*" roles="" verbs="" />
                <add accessType="Deny" users="?" />
                <add accessType="Allow" roles="Administrators" />
            </authorization>
        </security>
    </system.webServer>
</configuration>

Thank you very much for the suggestion. I've put this exact contents into a newly-created web.config in the folder and it doesn't appear to accomplish anything (which I find strange). If I restore the NTFS permissions to be the same on this folder as on all other folders in the site, I would expect this web.config to be invoked and prevent access by non-admins (i.e. the anonymous ourdomain\webuser). Is there some other configuration setting I might need to apply so this might work?

This will prevent the access to anonymous users and only allow users from the Admnistrators group. you can use Roles or users for this.

You could use Authorization rules for that, just create a web.config inside the directory you want to protect with the following contents:

Note