IIS 7 Basic authentication location issue

I have a website on IIS 7 using Basic authentication. There are some pages that must be public. I added an this exception in a开发者_StackOverflow社区 location element in the web.config and it looks like this:

   <location path="Errors">
    <system.webServer>
      <security>
        <authorization>
          <remove users="*" roles="" verbs="" />
          <add accessType="Allow" users="*" />
        </authorization>
      </security>
    </system.webServer>
  </location>

However, if I try to access some files from that folder, I get this error:

HTTP Error 401.2 - Unauthorized You are not authorized to view this page due to invalid authentication headers. Detailed Error Information Module IIS Web Core Notification AuthenticateRequest Handler StaticFile Error Code 0x80070005 Requested URL http://srv/Errors/error401.htm Physical Path D:\www\MyApp\Errors\error401.htm Logon Method Not yet determined Logon User Not yet determined

How can I have Basic Auth over my site, but allow everyone access on the Errors directory?

IIRC, "?" is for anonymous users... So turn on Anonymous authentication aswell and put this in your web.config... Hope it works for you...

IIS7

<location path="Errors">
  <system.webServer>
    <security>
      <authorization>
        <remove users="*" roles="" verbs="" />
        <add accessType="Allow" users="*" />
      </authorization>
    </security>
  </system.webServer>
</location>

IIS6 (or IIS7 Classic mode)

<location path="Errors">
  <system.web>
    <authorization>
      <allow users="?" />
    </authorization>
  </system.web>
</location>

EDIT

I'm not sure removing the authenticatied users (*) for errors is a good idea, though... Authenticated users can get errors, too... Show them some love... ;)

EDIT 2 (Changed for Classic mode in IIS7)