Config Error: This configuration section cannot be used at this path

I had the same problem. Don't remember where I found it on the web, but here is what I did:

• Click "Start button"
• in the search box, enter "Turn windows features on or off"
• in the features window, Click: "Internet Information Services"
• Click: "World Wide Web Services"
• Click: "Application Development Features"
• Check (enable) the features. I checked all but CGI.

You can use the IIS Manager to edit these settings. Read more at An Overview of Feature Delegation:

Using the Feature Delegation option from the root of IIS:

You can control each feature's permissions; if you try to use one that is set to read-only, it will give you these overrideMode="Deny" errors:

For Windows Server 2012 and IIS 8, the procedure is similar.

The Web Server (IIS) and Application Server should be installed, and you should also have the optional Web Server (IIS) Support under Application Server.

Browse to “C:\Windows\System32\inetsrv\config” (you will need administrator rights here) Open applicationHost.config

Note: In IISExpress and Visual Studio 2015 the applicationHost.config is stored in $(solutionDir).vs\config\applicationhost.config

Find the section that showed up in the “config source” part of the error message page. For me this has typically been “modules” or “handlers”

Change the overrideModeDefault attribute to be Allow

So the whole line now looks like:

<section name="modules" allowDefinition="MachineToApplication" overrideModeDefault="Allow" />

After saving the file, the page loaded up fine in my browser.

Further reading on 64-bit environments: Editing applicationHost.config on 64-bit Windows

1. Open "Turn windows features on or off" by: WinKey+R => "optionalfeatures" => OK

   

2. Enable those features under "Application Development Features"

   

Tested on Win 10 - But probably will work on other windows versions as well.

You need to unlock handlers. This can be done using following cmd command:

%windir%\system32\inetsrv\appcmd.exe unlock config -section:system.webServer/handlers

Maybe another info for people that are getting this error on IIS 8, in my case was on Microsoft Server 2012 platform. I had spend couple of hours battling with other errors that bubbled up after executing appcmd. In the end I was able to fix it by removing Web Server Role and installing it again.

I ran these two commands from an elevated command prompt to solve this problem:

%windir%/system32/inetsrv/appcmd unlock config /section:anonymousAuthentication

%windir%/system32/inetsrv/appcmd unlock config /section:windowsAuthentication

As per my answer to this similar issue;

Try unlocking the relevant IIS configuration settings at server level, as follows:

1. Open IIS Manager
2. Select the server in the Connections pane
3. Open Configuration Editor in the main pane
4. In the Sections drop down, select the section to unlock, e.g. system.webServer > defaultPath
5. Click Unlock Attribute in the right pane
6. Repeat for any other settings which you need to unlock
7. Restart IIS (optional) - Select the server in the Conncetions pane, click Restart in the Actions pane

The best option is to Change Application Settings from the Custom Site Delegation
Open IIS and from the root select Feature Delegation and then select Application Settings and from the right sidebar select Read/Write

This Did the trick for me, for IIS 8 Windows server 2012 R2

Go to "Turn on Features"

Then go to all default setting , Next, Next, Next etc..

Then, select as shown below,

Then reset IIS (optional) but do it safer side.

This is an additional solution as its a generic problem everyone have different of problem and thus different solution. Cheers!

On Windows Server 2012 with IIS 8 I have solved this by enabling ASP.NET 4.5 feature:

and then following ken's answer.

To fix this open up the IIS Express applicationhost.config. This file is stored at C:\Users[your user name]\Documents\IISExpress\config\applicationhost.config

Update for VS2015+: config file location is $(solutionDir).vs\config\applicationhost.config

Look for the following lines

<section name="windowsAuthentication" overrideModeDefault="Deny" />
<section name="anonymousAuthentication" overrideModeDefault="Deny" />
<add name="WindowsAuthenticationModule" lockItem="true" />
<add name="AnonymousAuthenticationModule" lockItem="true" />

Change those lines to

<section name="windowsAuthentication" overrideModeDefault="Allow" />
<section name="anonymousAuthentication" overrideModeDefault="Allow" />
<add name="WindowsAuthenticationModule" lockItem="false" />
<add name="AnonymousAuthenticationModule" lockItem="false" />

Save it and refresh Asp.net Page.

In our case on IIS 8 we found the error was produced when attempting to view Authentication" for a site, when:

1. The server Feature Delegation marked as "Authentication - Windows" = "Read Only"
2. The site had a web.config that explicitly referenced windows authentication; e.g.,

Marking the site Feature Delegation "Authentication - Windows" = "Read/Write", the error went away. It appears that, with the feature marked "Read Only", the web.config is not allowed to reference it at all even to disable it, as this apparently constitutes a write.

Seems that with IIS Express and VS 2015, there's a copy of the applicationHost.config file at $(solutionDir).vs\config\applicationhost.config so you'll need to make changes there. See this link: http://digitaldrummerj.me/iis-express-windows-authentication/

Make sure these lines are changed per below:

<section name="windowsAuthentication" overrideModeDefault="Allow" />
<section name="anonymousAuthentication" overrideModeDefault="Allow" />
<add name="WindowsAuthenticationModule" lockItem="false" />
<add name="AnonymousAuthenticationModule" lockItem="false" />

In my case it was that on server was not enabled "HTTP Activation" under .NET Framework Features. So for Windows Server 2012 the solution which worked for me was:

Server Manager -> Add roles and features -> Features -> make sure that under .NET Framework of version you want to use is checked "HTTP Activation"

The Powershell way of enabling the features (Windows Server 2012 +) - trim as needed:

Install-WindowsFeature NET-Framework-Core
Install-WindowsFeature Web-Server -IncludeAllSubFeature
Install-WindowsFeature NET-Framework-Features -IncludeAllSubFeature
Install-WindowsFeature NET-Framework-45-ASPNET -IncludeAllSubFeature
Install-WindowsFeature Application-Server -IncludeAllSubFeature
Install-WindowsFeature MSMQ -IncludeAllSubFeature
Install-WindowsFeature WAS -IncludeAllSubFeature

I noticed one answer that was similar, but in my case I used the IIS Configured Editor to find the section I wanted to "unlock".

Then I copied the path and used it in my automation to unlock it prior to changing the sections I wanted to edit.

. "$($env:windir)\system32\inetsrv\appcmd" unlock config -section:system.webServer/security/authentication/windowsAuthentication
. "$($env:windir)\system32\inetsrv\appcmd" unlock config -section:system.webServer/security/authentication/anonymousAuthentication

The error says that the configuration section is locked at the parent level. So it will not be directly 1 config file which will resolve the issue, we need to go through the hierarchy of the config files to see the inheritance Check the below link to go through the File hierarchy and inheritance in IIS

https://msdn.microsoft.com/en-us/library/ms178685.aspx

So you need to check for the app config settings in the below order

1. ApplicationHost.config in C:windows\system32\inetsrv\config. Change the overrideModeDefault attribute to be Allow.
2. ApplicationName.config or web.config in the applications directory
3. Web.config in the root directory.
4. Web.config in the specific website (My issue was found at this place).
5. Web.config of the root web (server's configuration)
6. machine.config of the machine (Root's web.config and machine.config can be found at - systemroot\MicrosoftNET\Framework\versionNumber\CONFIG\Machine.config)

Go carefully through all these configs in the order of 1 to 6 and you should find it.

I needed to change the SSL settings on a subfolder when i got this nice message. In my case following action helped me out.

Opened C:\Windows\System32\inetsrv\config\applicationHost.config

And changed the value from overrideModeDefault="Deny" to "Allow"

<sectionGroup name="system.webServer">
 ...
    <sectionGroup name="security">
        <section name="access" overrideModeDefault="Allow" />
    </sectionGroup>

In my case, I got this error because I was operating on the wrong configuration file.

I was doing this:

Configuration config = serverManager.GetWebConfiguration(websiteName);
ConfigurationSection serverRuntimeSection = config.GetSection("system.webServer/serverRuntime");
serverRuntimeSection["alternateHostName"] = hostname;

instead of the correct code:

Configuration config = serverManager.GetApplicationHostConfiguration();
ConfigurationSection serverRuntimeSection = configApp.GetSection("system.webServer/serverRuntime", websiteName);
serverRuntimeSection["alternateHostName"] = hostname;

in other words, I was trying to operate on the website's web.config instead of the global file C:\Windows\System32\inetsrv\config\applicationHost.config, which has a section (or can have a section) for the website. The setting I was trying to change exists only in the applicationHost.config file.

In my case, it was something else.

When I loaded the solution in a new version of Visual Studio, VS apparently created a new project-specific applicationhost.config file:

MySolutionDir\.vs\config\applicationhost.config

It started using the settings from the new config, instead of my already customized global IIS Express settings. (\Users\%USER%\Documents\IISExpress\config\applicationhost.config)

In my case this was the setting that needed to be set. Of course it could be something else for you:

<section name="ipSecurity" overrideModeDefault="Allow" />

Received this same issue after installing IIS 7 on Vista Home Premium. To correct error I changed the following values located in the applicationHost.config file located in Windows\system32\inetsrv.

Change all of the following values located in section -->

<div mce_keep="true"><section name="handlers" overrideModeDefault="Deny" /> change this value from "Deny" to "Allow"</div>
<div mce_keep="true"><section name="modules" allowDefinition="MachineToApplication" overrideModeDefault="Deny" /> change this value from "Deny" to "Allow"</div>

Can You try this:

Go to application path where you're getting deny error, right click

Properties->Security tab

In that, change the permissions and check the checkbox read and write. Then it will work without any error hopefully.

I had the similar issue, but I used the following powershell script which helped me to achieve above steps in on button click.

#Install IIS
Import-Module ServerManager

Add-WindowsFeature Web-Server, Web-Asp-Net45, Web-Mgmt-Console, Web-Scripting-Tools, NET-WCF-HTTP-Activation45, Web-Windows-Auth

the list of features can be added or removed based on the requirement.

For Windows Server 2008 and IIS 7, the procedure is similar. please refer to this: http://msdn.microsoft.com/en-us/library/vstudio/bb763178(v=vs.100).aspx

in add role service, u will see "Application Development Features"

Check (enable) the features. I checked all.

In my case I was getting this error when attempting to update the authentication settings in IIS also in addition to browsing. I was able to remove this error by removing the authentication setting from the web.config itself. Removing a problematic configuration section may be less invasive and preferable in some cases than changing the server roles and features too much:

Section Removed:

    <security>
        <authentication>
            <windowsAuthentication enabled="true" />
        </authentication>
    </security>

I had the same problem. I deleted this section from the web.config file.

<modules>
      <remove name="WebDAVModule" />
</modules>

I had an issue where I was putting in the override = "Allow" values (mentioned here already)......but on a x64 bit system.......my 32 notepad++ was phantom saving them. Switching to Notepad (which is a 64bit application on a x64 bit O/S) allowed me to save the settings.

See :

http://dpotter.net/technical/2009/11/editing-applicationhostconfig-on-64-bit-windows/

The relevant text:

One of the problems I’m running down required that I view and possibly edit applicationHost.config. This file is located at %SystemRoot%\System32\inetsrv\config. Seems simple enough. I was able to find it from the command line easily, but when I went to load it in my favorite editor (Notepad++) I got a file not found error. Turns out that the System32 folder is redirected for 32-bit applications to SysWOW64. There appears to be no way to view the System32 folder using a 32-bit app. Go figure. Fortunately, 64-bit versions of Windows ship with a 64-bit version of Notepad. As much as I dislike it, at least it works.

I had the same issue.

• Resolved it by enabling Application Server feature. Restarted iis after that.

This worked for me Also in IIS 8 you can solve this problem by changing the server to IIS Express. Goto debug->Properties In the Web select the server as IIS Express from the dropdown and then rebuild the solution