
How do I activate IIS Authentication?

Open ssg47 opened this issue 6 months ago • 2 comments

Question

How do I activate IIS Authentication when using Pode.Web?

The documentation here: https://badgerati.github.io/Pode.Web/0.8.3/Tutorials/Pages/#iis says this:

Enable-PodeSessionMiddleware -Duration 120 -Extend
Add-PodeAuthIIS -Name Example
Set-PodeWebAuth -Authentication Example

I have this as serverAuth.ps1

Import-Module -Name Pode -MaximumVersion 2.10.1
Import-Module -Name Pode.Web -MaximumVersion 0.8.3

Start-PodeServer {
    Add-PodeEndpoint -Address localhost -Port 8081 -Protocol Http

    New-PodeLoggingMethod -EventViewer | Enable-PodeRequestLogging
    New-PodeLoggingMethod -EventViewer | Enable-PodeErrorLogging -Levels Warning,Error,Debug

    Enable-PodeSessionMiddleware -Duration 120 -Extend
    Add-PodeAuthIIS -Name Example
    Set-PodeWebAuth -Authentication Example

    Use-PodeWebTemplates -Title Investigations -Theme Auto

    Add-PodeWebPage -Name Test -ScriptBlock {
        New-PodeWebCard -Content @(
            New-PodeWebParagraph -Value 'This is a test'
        )
    }
}

And this as web.config

<configuration>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <handlers>
        <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
        <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
        <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
        <remove name="ExtensionlessUrl-Integrated-4.0" />
        <add name="ExtensionlessUrl-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
      </handlers>

      <modules>
      </modules>

      <aspNetCore processPath="pwsh.exe" arguments=".\serverAuth.ps1" stdoutLogEnabled="true" stdoutLogFile=".\logs\stdout" hostingModel="OutOfProcess"/>

      <security>
        <authorization>
          <remove users="*" roles="" verbs="" />
          <add accessType="Allow" users="*" verbs="GET,HEAD,POST,PUT,DELETE,DEBUG,OPTIONS" />
        </authorization>
      </security>
    </system.webServer>
  </location>
</configuration>

When I navigate to http://ukwka1-00003839.net.acceptance.co.uk/ I get:

HTTP Error 502.5 - ANCM Out-Of-Process Startup Failure

in the browser. I also get three messages in the EventLog on the server, all from source IIS AspNetCore Module V2; there are two warnings (both 1000) and an error (1020). The error contains:

Application '/LM/W3SVC/1/ROOT' with physical root 'D:\Sites\pode.web' failed to start process with commandline 'pwsh.exe .\serverAuth.ps1' with multiple retries. Failed to bind to port '10997'. First 30KB characters of captured stdout and stderr logs from multiple retries:

The stdout log contains this:

[31;1mParentContainsErrorRecordException: [0mC:\Program Files\PowerShell\Modules\Pode\2.10.1\Private\Server.ps1:207[0m
[31;1m[0m[36;1mLine |[0m
[31;1m[0m[36;1m[36;1m 207 | [0m         [36;1mthrow $_.Exception[0m
[31;1m[0m[36;1m[36;1m[0m[36;1m[0m[36;1m     | [31;1m         ~~~~~~~~~~~~~~~~~~[0m
[31;1m[0m[36;1m[36;1m[0m[36;1m[0m[36;1m[31;1m[31;1m[36;1m     | [31;1m[Get] /: Already defined[0m
Pode v2.10.1 (PID: 10296)
[31;1mParentContainsErrorRecordException: [0mC:\Program Files\PowerShell\Modules\Pode\2.10.1\Private\Server.ps1:207[0m
[31;1m[0m[36;1mLine |[0m
[31;1m[0m[36;1m[36;1m 207 | [0m         [36;1mthrow $_.Exception[0m
[31;1m[0m[36;1m[36;1m[0m[36;1m[0m[36;1m     | [31;1m         ~~~~~~~~~~~~~~~~~~[0m
[31;1m[0m[36;1m[36;1m[0m[36;1m[0m[36;1m[31;1m[31;1m[36;1m     | [31;1m[Get] /: Already defined[0m

I made a guess as to the meaning of Already defined and changed this line only:

Set-PodeWebAuth -Authentication Example2

and got:

Pode v2.10.1 (PID: 12724)
[31;1mParentContainsErrorRecordException: [0mC:\Program Files\PowerShell\Modules\Pode\2.10.1\Private\Server.ps1:207[0m
[31;1m[0m[36;1mLine |[0m
[31;1m[0m[36;1m[36;1m 207 | [0m         [36;1mthrow $_.Exception[0m
[31;1m[0m[36;1m[36;1m[0m[36;1m[0m[36;1m     | [31;1m         ~~~~~~~~~~~~~~~~~~[0m
[31;1m[0m[36;1m[36;1m[0m[36;1m[0m[36;1m[31;1m[31;1m[36;1m     | [31;1mAuthentication method not defined: Example2[0m
Pode v2.10.1 (PID: 8800)
[31;1mParentContainsErrorRecordException: [0mC:\Program Files\PowerShell\Modules\Pode\2.10.1\Private\Server.ps1:207[0m
[31;1m[0m[36;1mLine |[0m
[31;1m[0m[36;1m[36;1m 207 | [0m         [36;1mthrow $_.Exception[0m
[31;1m[0m[36;1m[36;1m[0m[36;1m[0m[36;1m     | [31;1m         ~~~~~~~~~~~~~~~~~~[0m
[31;1m[0m[36;1m[36;1m[0m[36;1m[0m[36;1m[31;1m[31;1m[36;1m     | [31;1mAuthentication method not defined: Example2[0m

So, fails if they're the same and fails if they're different! :-(

What am I doing wrong?

Note 1: I don't have Web-Net-Ext nor Web-Asp-Net installed. They're not part of the server build image and it will be a non-trivial exercise to get them installed because of that. Given I'm using Core, does that matter?

Note 2: If I remove the Set-PodeWebAuth line the page loads. I'm trying to get to a point where I can have access to the site controlled by Active Directory group membership. Ideally, I would like to be able to control that by page or, at least, have some pages have an additional group membership requirement.

Note 3: The stdout log files are only full of that control character stuff when it's blowing up - otherwise they're normal text files.

ssg47 Aug 22 '24 16:08
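
For reading stdout logs like the one quoted in the post, here is an added example (not part of the original post and not Pode's own code) that strips the ANSI colour codes and counts each distinct error message. The function names are hypothetical, and the sample lines are constructed from the log shown above.

```powershell
# Added example. Sample input is constructed, modelled on the quoted stdout log.

function Remove-AnsiSgr {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Line)
    # ESC[<params>m is an SGR colour sequence. ESC is optional in the pattern so
    # that text where the ESC byte was already lost ("[31;1m") is cleaned too.
    [regex]::Replace($Line, '\x1b?\[[0-9;]+m', '')
}

function Get-StartupErrorSummary {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Line)
    $messages = foreach ($raw in $Line) {
        $clean = Remove-AnsiSgr -Line $raw
        # The concise error view puts the message on a "     | text" line.
        if ($clean -match '^\s+\|\s+(?<msg>\S.*?)\s*$') {
            $msg = $Matches['msg']
            # The "~~~~" underline uses the same prefix; it is not a message.
            if ($msg -notmatch '^~+$') { $msg }
        }
    }
    # One row per distinct message, with the number of retries that hit it.
    $messages | Group-Object | ForEach-Object {
        [pscustomobject]@{ Count = $_.Count; Message = $_.Name }
    }
}

# Constructed sample: {E} stands in for the ESC byte; the last line has lost it.
$sample = @'
{E}[31;1mParentContainsErrorRecordException: {E}[0mC:\Program Files\PowerShell\Modules\Pode\2.10.1\Private\Server.ps1:207{E}[0m
{E}[36;1mLine |{E}[0m
{E}[36;1m 207 | {E}[0m         {E}[36;1mthrow $_.Exception{E}[0m
{E}[36;1m     | {E}[31;1m         ~~~~~~~~~~~~~~~~~~{E}[0m
{E}[36;1m     | {E}[31;1m[Get] /: Already defined{E}[0m
Pode v2.10.1 (PID: 10296)
{E}[36;1m     | {E}[31;1m[Get] /: Already defined{E}[0m
[36;1m     | [31;1mAuthentication method not defined: Example2[0m
'@ -replace '\{E\}', [char]27 -split '\r?\n'

Get-StartupErrorSummary -Line $sample
```

To run it against real files, pass `Get-Content` output as `-Line`; the log location depends on the `stdoutLogFile` value in web.config.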