I have Integrated Windows Authentication (IWA) working fine, but I want to set 'Anonymous' on IIS to Disabled... Currently:
However, whenever I do that, the Service Center users cannot login anymore (all fine with front-end users).
When I test "Authentication Provider" on Lifetime, I see this:
I then set 'Anonymous' on IIS back to Enabled and restart server. I can then get into Service Center and I see an error message about that failed attempt to connect:
Any ideas? Bug? Wrong settings?
I am submitting feedback with this error too and will open a support case.
As we replied on the support case you created, our platform does not support disabling Anonymous authentication on IIS. Several features rely on being able to access IIS without authentication to work.
This being said, you will have to enable anonymous authentication. User access control in OutSystems environments should be done on the application layer (using Roles) and not on IIS.
I hope this clarifies your doubts.
With best regards,
Thanks for the feedback. I had noticed several issues on some platform features, of which the most severe was not being able to login with lifetime users, but had no idea it was not supported at all...
We were disabling Anonymous for some development testing, since it takes more precedence than windows authentication and we're testing some logged in user delegation logic. We'll take that into consideration then.
However, this raises some eyebrows. Its not even possible to have a hybrid solution where just one single frontend is Anonymous Disabled?