Where to store config, web.config or not...
For those who customise WebDrawer on one machine and then push it to a production machine this may prove handy. I wanted to change the setup of IIS on my dev machine to not update the web.config when I change the authentication settings. Here is what I did...
1. Go to Feature delegation in IIS Manager
2. Select Custom Sites
3. Set the authentication settings to Read Only
4. Clean modified web.configs
Remove the <security /> section from all web.config files that have already been updated, otherwise you will get an error when you attempt to open these applications. Also check c:\inetpub\wwwroot\web.config to ensure that authentication has not been set here.
5. Update applications in IIS
Go through each application in IIS and ensure the authentication settings are correct, this will update applicationHost.config.
Summary
Setting these settings to Read Only prevents them being updated in the application specific web.config, instead they will be set in the applicationHost.config