How to exclude some FastCGI URLs from Windows Authentication in IIS 6.2

Question

I have a Site in IIS 6.2 that is using Windows Authentication to control access.

There is one URL that I don't want authentication on - I want users to be able to access it anonymously.

All URLs in the Site are served dynamically by FastCGI process. So I cannot simply select a static folder in IIS and enable Anonymous auth for that path.

I've thought about creating a new Site with one URL that proxies the request to the original site but I would have to figure out how to inject/fake authentication parameters on the fly.

Answer 1

I found that I can add nested virtual directories to my Site and allow Anonymous Auth on the virtual directories. Each virtual directory points to an empty folder just to be safe. Those virtual directories match the URL that is handled by my FastCGI. For example, the URL I'm overriding is foo/bar/works, I added 3 virtual directories. On the works virtual directory, I enabled Anonymous auth and disabled Windows Auth. Then when I visit http://mysite/foo/bar/works/, I'm allowed in without auth AND the request is still actually handled by my FastCGI app.