For IIS express 8.0 on Windows 7, I set in applicationhost.config file about authentication settings.
<authentication>
<anonymousAuthentication enabled="false" />
<basicAuthentication enabled="false" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication enabled="false">
</iisClientCertificateMappingAuthentication>
<windowsAuthentication enabled="true">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
When I <windowsAuthentication enabled="true">, I got a popup box prompting the windows account and password. I enter and everthing is good.
However, I want to disable all authentications as this is used internally. So, I disabled windowsAuthentication first. Then try <anonymousAuthentication enabled="true" />, I got 401.2 error together with message "Access is denied". If I change to <anonymousAuthentication enabled="false" />, I got the same 401.2 error but different and much more lines from the browser:
HTTP Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.
Most likely causes:
•No authentication protocol (including anonymous) is selected in IIS.
•Only integrated authentication is enabled, and a client browser was used that does not support integrated authentication.
•Integrated authentication is enabled and the request was sent through a proxy that changed the authentication headers before they reach the Web server.
•The Web server is not configured for anonymous access and a required authorization header was not received.
•The "configuration/system.webServer/authorization" configuration section may be explicitly denying the user access.
Things you can try:
•Verify the authentication setting for the resource and then try requesting the resource using that authentication method.
•Verify that the client browser supports Integrated authentication.
•Verify that the request is not going through a proxy when Integrated authentication is used.
•Verify that the user is not explicitly denied access in the "configuration/system.webServer/authorization" configuration section.
•Check the failed request tracing logs for additional information about this error. For more information, click here.
More Information:
This error occurs when the WWW-Authenticate header sent to the Web server is not supported by the server configuration. Check the authentication method for the resource, and verify which authentication method the client used. The error occurs when the authentication methods are different. To determine which type of authentication the client is using, check the authentication settings for the client.
View more information »
What can I do? I want to access the page without any authentication.
I resolved it. After
I found online another config I didn't know before, the web.config. The line in my web.config was:
I changed it to:
Now, everything is good.