M
Michael Tsai
Hi,
It said that IIS 6 use HTTP.sys as the front end for
handling HTTP request, and pass ASP.NET requests
to w3wp.exe. So I think this also means security
settings in IIS (metabase) is bypassed, right?
Apparently the answer is no, I'ved tried using IIS to set my
ASP.NET web application's authentication method to basic
authentication, but my web app's web config still allow
anonymous access. When I use browser to acces my Web
app, it asks me to input username and password. So IIS
metabase is still used, but how? All the information I found
with Google just show that HTTP.sys directly pass request
to w3wp.exe, so when/where did IIS metabase be read and
applied?
Thanks!
Michael Tsai
It said that IIS 6 use HTTP.sys as the front end for
handling HTTP request, and pass ASP.NET requests
to w3wp.exe. So I think this also means security
settings in IIS (metabase) is bypassed, right?
Apparently the answer is no, I'ved tried using IIS to set my
ASP.NET web application's authentication method to basic
authentication, but my web app's web config still allow
anonymous access. When I use browser to acces my Web
app, it asks me to input username and password. So IIS
metabase is still used, but how? All the information I found
with Google just show that HTTP.sys directly pass request
to w3wp.exe, so when/where did IIS metabase be read and
applied?
Thanks!
Michael Tsai