I am writing a powershell script to create and configure a number of websites and virtual directories. I am using the .NET Microsoft.Web.Administration assembly. I have created a new application under the default website and added a new virtual directory to it and it all works well. What I'm trying to do now is set up the authentication options for the virtual directory. I am doing the following in powershell:
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Web.Administration")
$oIIS = new-object Microsoft.Web.Administration.ServerManager
$oWebSite = $oIIS.Sites["Default Web Site"]
$oApp = $oWebSite.Applications["/MyApp"]
$oConfig = $oApp.GetWebConfiguration()
$oAnonAuth = $oConfig.GetSection("system.webServer/security/authentication/anonymousAuthentication")
$oAnonAuth.SetAttributeValue("enabled", "False")
However, the SetAttributeValue command gives me the following error:
"This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false"
From what I have read elsewhere, there are some suggestions to change the XML file for the application to allow overriding. I don't want to have to do that - is there any way to programmatically unlock the configuration to allow me to change it? I don't want any user input into this process at all..
Thanks for any help, Al.
Found the answer I was looking for - but being a new user I can't answer my own question for 24 hrs..
I think I found the code below on this site, but my machine has since rebooted so I've lost the page. However, the following seems to work:
#
# Allow overriding of the security settings.
#
$oGlobalConfig = $oIIS.GetApplicationHostConfiguration()
$oConfig = $oGlobalConfig.GetSection("system.webServer/security/authentication/anonymousAuthentication", "Default Web Site/mySite")
$oConfig.OverrideMode="Allow"
$oIIS.CommitChanges()
#
# Following the commit above, we need a new instance of the configuration object, which we can now
# modify.
#
$oGlobalConfig = $oIIS.GetApplicationHostConfiguration()
$oConfig = $oGlobalConfig.GetSection("system.webServer/security/authentication/anonymousAuthentication", "Default Web Site/mySite")
$oConfig.SetAttributeValue("enabled", "False")
$oIIS.CommitChanges()