I'm using the ServerManager class (from Microsoft.Web.Administration) to create applications on a server running IIS 7. I want to configure whether the application uses anonymous authentication or Windows-authentication on an application-basis so I can't simply ask IT to change the settings on the root site. The contents of the application belongs to a third party so I'm not allowed to change the web.config file inside the application.

The Application class doesn't expose any useful properties, but maybe I could get something done using the ServerManager's GetApplicationHostConfiguration method?

It sounds like your hoping to alter the Internet Information System configuration for the site; if that is correct something like this should work:

using (ServerManager serverManager = new ServerManager())
{
    Configuration config = serverManager.GetWebConfiguration("Contoso");
    ConfigurationSection authorizationSection = config.GetSection("system.webServer/security/authorization");
    ConfigurationElementCollection authorizationCollection = authorizationSection.GetCollection();

    ConfigurationElement addElement = authorizationCollection.CreateElement("add");
    addElement["accessType"] = @"Allow";
    addElement["roles"] = @"administrators";
    authorizationCollection.Add(addElement);

    serverManager.CommitChanges();
 }

The above code will allow you to create an authorization rule that allows a particular user in a group to access a particular site. In this case the site is Contoso.

Then this will disable Anonymous authentication for the site; then enable Basic & Windows Authentication for the site:

using(ServerManager serverManager = new ServerManager()) 
{ 
    Configuration config = serverManager.GetApplicationHostConfiguration();

    ConfigurationSection anonymousAuthenticationSection = config.GetSection("system.webServer/security/authentication/anonymousAuthentication", "Contoso");
    anonymousAuthenticationSection["enabled"] = false;

    ConfigurationSection basicAuthenticationSection = config.GetSection("system.webServer/security/authentication/basicAuthentication", "Contoso");
    basicAuthenticationSection["enabled"] = true;

    ConfigurationSection windowsAuthenticationSection = config.GetSection("system.webServer/security/authentication/windowsAuthentication", "Contoso");
    windowsAuthenticationSection["enabled"] = true;

    serverManager.CommitChanges();
}

Or you can simply add an IIS Manager User Account if you'd like; which you can set to certain permissions to manipulate and manage those other applications.

using (ServerManager serverManager = new ServerManager())
{
    Configuration config = serverManager.GetAdministrationConfiguration();

    ConfigurationSection authenticationSection = config.GetSection("system.webServer/management/authentication");
    ConfigurationElementCollection credentialsCollection = authenticationSection.GetCollection("credentials");
    ConfigurationElement addElement = credentialsCollection.CreateElement("add");
    addElement["name"] = @"ContosoUser";
    addElement["password"] = @"P@ssw0rd";
    addElement["enabled"] = true;
    credentialsCollection.Add(addElement);

    serverManager.CommitChanges();
}

There is a lot of flexibility within Internet Information System; its quite powerful. The documentation through there reference is also quite in depth. The examples are quite inept to be adapted to your particular usage or at least provide a level of understanding to make it do what you want.

Hopefully that help, those examples came from here: