Azure IIS7 Configuration with AppCmd

Got a bit stuck the other day trying to figure out how to set up authentication in IIS running in an Azure web role. I had multiple sites and wanted to have different authentication for each site. It turns out that IIS7 locks down the ability to set these in your web.config by default. Consequently, you have to run a startup task that uses the appcmd tool to modify the master configuration.

Here is the startup task as defined in the ServiceDefinition.csdef


   <Task commandLine="iisunlock.cmd" executionContext="elevated" taskType="simple" />


Here is the contents of the iisunlock.cmd

%windir%\system32\inetsrv\APPCMD.EXE unlock config /section:windowsAuthentication
%windir%\system32\inetsrv\APPCMD.EXE unlock config /section:anonymousAuthentication
%windir%\system32\inetsrv\APPCMD.EXE unlock config /section:basicAuthentication

AppCmd.exe is the single command line tool for managing IIS 7. It exposes all key server management functionality through a set of intuitive management objects that can be manipulated from the command line or from scripts.

AppCmd enables you to easily control the server without using a graphical administration tool and to quickly automate server management tasks without writing code.

Some of the things you can do with AppCmd:

  • Create and configure sites, apps, application pools, and virtual directories
  • Start and stop sites, and recycle application pools
  • List running worker processes, and examine currently executing requests
  • Search, manipulate, export, and import IIS and ASP.NET configuration

AppCmd also allows server administrators to build advanced management tasks simply by combining multiple simpler AppCmd.exe commands, or reusing the output of the tool inside another program.