Exclude files or folders for authentication on IIS via web.config


A client has an FBA Environment for his extranet on SharePoint.  All pages on the extranet are protected by authentication, you need a username and password to access them.

Now, what if you want to create pages that need no protection?

In my case, pages to request access, to give your email and username when you forgot you password etc, …

These new pages are visible to everyone, but when you add them to your _layouts folder, they too are behind your FBA authorization..

What you can do is open web.config and go to the location item and allow users access there.

it looks like this:

<location path=”_layouts/yournewfolder or file”>



<allow users=”*” />




About: Marijn

Marijn Somers (MVP) has over 14 years experience in the SharePoint world, starting out with SP2007. Over the years the focus has grown to Office 365, with a focus on collaboration and document management. He is a business consultant at Balestra and Principal Content Provider for "Mijn 365 Coach" that offers dutch employee video training. His main work tracks are around user adoption, training and coaching and governance. He is also not afraid to dig deeper in the technicalities with PowerShell, adaptive cards or custom formatting in lists and libraries. You can listen to him on the biweekly "Office 365 Distilled" podcast.

One thought on “Exclude files or folders for authentication on IIS via web.config”

Leave a Reply

%d bloggers like this: