We have a IIS server with multiple sites that are managed by different teams. We want to standardize on and enforce Kerberos autentication for all sites with each site having an individual AD group for authorization/access.
The obvious solution would be to just configure authentication and authorization in each sites web.config, but since we do want each team to be able to manage their own site we assume that the authentication/authorization configuration then can be changed/overriden. We do not want the authentication/authorization changed or disabled, but we do want each site team to be able to provide a custom authentication error page.
Is it possible to have individual authentication/authorization config for each site that cannot be overriden by developers with web.config further down the hierarchy, while still allowing the custom authentication error page to be overridden?