Microsoft IIS 10.0 – URL authorization and authentication

install phpMyAdmin On CentOS 8

In this recipe, we will configure the URL authorization rule and enable and disable the authentication type of the website.

Getting ready

We require an up-and-running IIS 10.0 instance. Security components should be installed. You should have administrative privileges.

How to do it…

  1. Log in to Windows Server 2016 with an account with administrative privileges.
  2. Open Server Manager from the Start menu or use the search window to find it.
  3. Click on the Tools menu from Server Manager; you will find IIS Manager. Open it and click on the WIN2016IIS IIS server. Go to Features view and select Authorization Rules:
  1. Go to the Actions pane of Authorization Rules. You have two options: Add Allow Rule… and Add Deny Rule…, as shown in the following screenshot. Click on Add Allow Rule…:
  1. The following Add Allow Authorization Rule window pops up:
  1. Here, we can select one out of All users, All Anonymous users, and S pecified roles or user groups. Next, you can select any specified users you require. We can choose to allow them over here. You can use specific verbs in it, such as GET and POST. Let’s see how we can add a deny authorization rule.



  1. Go to the Actions pane of authorization rule and click on Deny rule, as shown here:
  1. Here, in Add Deny Authorization Rule, we can select All users, All Anonymous users, or Specified roles or user groups. Next, you can select any specified users. Depending on our requirement, we can choose over here to deny them access to the website; you can use the specific verbs such as GET and POST. Let’s see how we can disable an authorization rule.



  1. Let’s move to the authentication type; go to the Features View of, as shown here:
  1. Open the Authentication option. You will see the listed Authentication type method available:
  1. In the Authentication Features View pane, we can enable and disable the type of authentication. We have Anonymous Authentication, ASP.NET Impersonation, Basic Authentication, Digest Authentication, Forms Authentication, and Windows Authentication.

How it works…

In this recipe, we configured URL authorization allow and deny rules. We also enabled and disabled the authentication type of a website.

Comments are closed.