IIS: add a Deny rule to .NET Authorization

Question

Afternoon guys,

I'm working on going through some lockdowns for IIS, I need to add a Deny rule to .NET Authorizations for all anonymous users. I have this, which partially works

Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT' -filter "system.web/authorization" -name "." -value @{accessType='Deny';users='?'}

? is an alias for All anonymous users

It partially works, as in it creates the rule, but it's set as an Allow Rule even though I'm calling Deny.

Does anyone have any ideas on how to get this to register as a Deny Rule?

Does this answer your question? [Managing IIS .Net Authorization Rules with a powershell script](https://stackoverflow.com/questions/30135330/managing-iis-net-authorization-rules-with-a-powershell-script) — Lex Li, Nov 17 '22 at 19:23

score 0 · Accepted Answer · answered Nov 17 '22 at 19:04

0

I ended up finding the answer in the Related section off to the side. Don't know why this never popped up in my initial googling. Managing IIS .Net Authorization Rules with a powershell script

My final code is

Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT' -filter "system.web/authorization" -name "." -value @{users='?'} -Type 'deny'

answered Nov 17 '22 at 19:04

Fitzgery

558
5
14

I’ll try to set a reminder in a couple days when it’ll let me – Fitzgery Nov 18 '22 at 03:31

IIS: add a Deny rule to .NET Authorization

1 Answers1