PowerShell IIS Set-WebConfigurationProperty - Locked ApplicationHost.config section

The sections you are trying to change are set in the IIS machine config. You have to unlock the sections in order to set them per-site.

See: Programmatically unlocking IIS configuration sections in Powershell

Your Filter does not look right. You can think of the filter as basically an XPath query. So if you use a filter of //authentication/* then that will get all of your configuration under an authentication node. It's not exactly the same as XPath, but it's pretty close. Just remember that you can't select metadata sections like sectionGroup or location tags using just the Filter parameter alone.

I had an issue where I needed to have Windows authentication unlocked at the server level that way I could set Windows auth to different values at the application level. So I had to do something like this:

Set-WebConfiguration -Metadata OverrideMode -Value Allow -Filter //windowsAuthenticationSet-WebConfigurationProperty -PSPath IIS:\Sites\$WebsiteName\$AppName -Filter //windowsAuthentication -Name Enabled -Value $true

What this did was create a section in the applicationHost.config file that looked like this:

<location path="" overrideMode="Allow">        <system.webServer>            <security>                <authentication>                    <windowsAuthentication>                    </windowsAuthentication>                </authentication>            </security>        </system.webServer></location>

Whatever configuration you place with that location tag will be considered unlocked according to IIS I believe.

And this is what was added to the Web.config file in the web application itself:

<authentication>    <windowsAuthentication enabled="true" /></authentication>

Hopefully this helps.