我们有Windows身份验证设置了临时服务器为我们的客户，帮助prevent从谷歌索引我们分期的网址上。最近，我们发现，我们的网站之一似乎忽略了我们的IIS设置（匿名认证功能，Windows身份验证被启用）。最后我们计算出这些模块节点上移除设置runAllManagedModulesForAllRequests =真（这是需要我们的URL重写网站上）解决了问题，当我们浏览的网站如预期出现登录/密码框中的窗口。如果我们继续设置在那里，该网站允许任何匿名用户浏览该网站。

We have windows authentication set up on our staging server for our clients to help prevent google from indexing our staging URLs. We recently found out that one of our sites is seemingly ignoring our IIS settings (anonymous authentication is disabled, windows authentication is enabled). We ended up figuring out that removing the setting runAllManagedModulesForAllRequests="true" on the modules node (which is required for our URL rewriting on the site) fixes the issue and the windows login/password box appears as expected when we browse to the site. If we keep the setting there, the site allows any anonymous user to browse the website.

如何保持匿名身份验证关闭，同时保持runAllManagedModulesForAllRequests设置为true？

How can we keep anonymous authentication off while keeping runAllManagedModulesForAllRequests set to true?

编辑：我们认识到，我们还有其他的网站，该设置是和Windows身份验证工作得很好。这似乎只发生在我们ASPDotNetStorefront网站。我现在不知道我应该在哪里检查，看看是什么原因造成这个问题 - 我的猜测是某种自定义的验证模块，但我没有足够的知识来找出哪里开始调试这个

We realized that we have other sites where this setting is on and windows authentication is working just fine. This only appears to happen in our ASPDotNetStorefront websites. I'm now wondering where I should check to see what is causing this issue - my guess is some sort of custom authentication module, but I don't have enough knowledge to figure out where to start debugging this.

推荐答案

我们发现，通过设置管理的管道模式到经典，它显然忽略web.config中system.webServer节点，所以我们现在得到的窗口登录提示如我们预期。有些重写的都不行最有可能的，但幸运的是我们不关心我们的临时服务器上这些特定的重写，所以我们都OK了。

We found that by setting the managed pipeline mode to Classic, it will obviously ignore the system.webServer node in the web.config, so we now get the windows login prompt as we expect. Some of the rewrites won't work most likely, but luckily we don't care about these particular rewrites on our staging server, so we are OK.