asp.net mvc - IIS Express is automatically disabling anonymous authentication for my project, why?

Question

When I switch my ASP.NET MVC project from Cassini web server to IIS Express, this is added to my applicationhost.config file:

<location path="MyProject">
    <system.webServer>
        <security>
            <authentication>
                <anonymousAuthentication enabled="false" />
                <windowsAuthentication enabled="false" />
            </authentication>
        </security>
    </system.webServer>
</location>

It's causing the site not to load with 401.2 - Unauthorized and I can't fix it on the Web.config level - it will then complain that the section is locked at parent level (HTTP 500.19).

I can fix it by amending the applicationhost.config file but I don't understand why I should need to when no such section is added for a vanilla ASP.NET MVC project. What can be wrong?

I'm using VS 11 beta but also confirmed this weird behavior in 2010 SP1. IIS Express says it's version 7.5.

Answer 1

It was because for some reason, this was in my csproj file:

<IISExpressAnonymousAuthentication>disabled</IISExpressAnonymousAuthentication>

Setting it to enabled fixes the issue (it can also be done from Visual Studio, select project, F4, set Anonymous Authentication in the properties grid to Enabled).