Configure IIS to support a federated application

Applies To: Windows Server 2003 R2

Claims-aware applications and Windows NT token–based applications that participate in federation must be configured to use Microsoft ASP.NET 2.0. These applications must also be configured to support sign-in requests from anonymous users. Complete the following procedures so that federated users can successfully access federated applications that are hosted on an ADFS-enabled Web server.

Configure IIS to use ASP.NET 2.0

You can use the following procedure to configure ASP.NET 2.0 in Internet Information Services (IIS) for your federated application.

Note

If you are installing Windows SharePoint Services or SharePoint Portal Server 2003 for federation, do not configure IIS to use ASP.NET 2.0. These applications configure their own virtual directories for ASP.NET 2.0 automatically, and you do not have to configure them manually.

To configure IIS to use ASP.NET 2.0

  1. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. In the console tree, double-click the ComputerName folder, double-click Web Sites, right-click the WebSiteName folder, and then click Properties.

    For example, if you want to configure IIS for a Web site serving an application named testapp on the ADFSWeb computer, double-click the ADFSWEB folder, double-click Web Sites, right-click the testapp folder, and then click Properties.

  3. On the ASP.NET tab, in ASP.NET version, select 2.0, and then click OK.

Note

To ensure that ASP.NET 2.0 is enabled properly, verify that ASP.NET v2.0.50727 is set to Allowed under ComputerName/Web Service Extensions.

Configure IIS to enable anonymous access

You can use the following procedure to enable anonymous access in IIS for your federated application.

Note

When you enable the Windows NT token–based Web Agent in IIS, anonymous access is enabled automatically. Therefore, if you are deploying a Windows NT token–based application on the ADFS-enabled Web server, you can either enable anonymous access using this procedure, or bypass this procedure and let the Windows NT token–based Web Agent enable it for you after the agent is enabled.

To configure IIS to enable anonymous access

  1. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. In the console tree, double-click the YourComputerName folder, double-click Web Sites, double-click the YourWebSiteName folder, right-click your application, and then click Properties.

  3. On the Directory Security tab, under Authentication and access control, click Edit, and then verify that the Enable anonymous access check box is selected.

  4. Click OK twice to apply the settings and exit the property pages.
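
The following read-only check confirms the results of both procedures above from a script. It is an added example, not part of the original procedure. It assumes Windows PowerShell is installed on the Web server, that it is run locally by an administrator, and that the application is the testapp virtual directory under site ID 1 (the site ID is an assumed value).

```powershell
# Added example: read-only check of the settings from both procedures.
# Assumed values: site ID 1 and application "testapp"; adjust the path to
# match your own metabase layout.
$appPath = 'IIS://localhost/W3SVC/1/ROOT/testapp'
$app = [ADSI]$appPath
$svc = [ADSI]'IIS://localhost/W3SVC'

# ASP.NET version: the .aspx script map should point at the v2.0.50727
# ISAPI DLL. Each entry has the form "extension,handler path,flags[,verbs]".
$aspx = @($app.psbase.Properties['ScriptMaps'] |
    Where-Object { $_ -like '.aspx,*' })
$usesV2 = $false
if ($aspx.Count -gt 0) {
    $handler = $aspx[0].Split(',')[1]
    $usesV2 = $handler -like '*\v2.0.50727\aspnet_isapi.dll*'
}

# Web Service Extensions: each entry starts with 1 (Allowed) or
# 0 (Prohibited), followed by the path of the extension file.
$ext = @($svc.psbase.Properties['WebSvcExtRestrictionList'] |
    Where-Object { $_ -like '*\v2.0.50727\aspnet_isapi.dll,*' })
$extAllowed = ($ext.Count -gt 0) -and $ext[0].StartsWith('1,')

# Anonymous access: bit 0x1 of AuthFlags corresponds to the
# "Enable anonymous access" check box.
$authFlags = [int]$app.psbase.Properties['AuthFlags'].Value
$anonymous = ($authFlags -band 1) -ne 0

"Application path              : $appPath"
"ASP.NET 2.0 script map        : $usesV2"
"ASP.NET v2.0.50727 is Allowed : $extAllowed"
"Anonymous access enabled      : $anonymous (AuthFlags = $authFlags)"

if (-not ($usesV2 -and $extAllowed -and $anonymous)) {
    Write-Warning 'One or more settings do not match the procedures above.'
}
```

The script only reads the metabase. If a value is reported as False, correct it through the IIS Manager steps in the matching procedure.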