SetEnvIfNoCase Host: .htaccess to web.config conversion

Question

I have tried IIS Manager and some online conversion tools but I can't figure out how to achieve the following .htaccess rules in a web.config file:

SetEnvIfNoCase Host my-domain.com  nopassreq

AuthType Basic
AuthName "Restricted"
AuthUserFile "/home/my-domain.com/passwd"
require valid-user

Order allow, deny
Allow from env=nopassreq
Satisfy any

Basically if the user has come to the site using my-domain.com it doesn't ask for authentication, but if it was my-other-domain.com or anything else actually, it would ask for authentication.

I have multiple domains pointing to the same cloud instance on Azure, and I need some of those to require authentication and some not.

Answer 1

I do not know of any way to set this up in IIS using URL Redirection rules because the only actions supported are Rewrite, None, Redirect, Custom Response and Abort Request. You can use them to set environment variables that your code could evaluate later though.

Since this setting can be defined on a per site basis, perhaps you'll have better luck implementing some automation using PowerShell cmdlets for IIS. For instance, to toggle anonymous authentication:

Set-WebConfigurationProperty -filter /system.WebServer/security/authentication/AnonymousAuthentication `
        -name enabled -value false -location YourApp

Answer 2

Tried a bit, not a .net expert, and got this code:

<rewrite>
    <outboundRules>
         <rule name="nopassres">
             <match serverVariable="nopassreq" pattern=".*" />
             <action type="Rewrite" value="dontpass" />
             <conditions>
                 <add input="{HTTP_HOST}" pattern="my\-domain\.com" />
             </conditions>
         </rule>
    </outboundRules>
</rewrite>