IIS Authentication Methods

Discussion in 'ASP .Net Security' started by amsical, Nov 16, 2006.

  1. amsical

    amsical Guest

    Hi All,

    In IIS, One can set Authentication method for accessing a website. (Virtual
    folder -> Properties -> Directory Security -> Anonymous access and
    authentication control -> Edit -> Authentication Methods).

    On Authentication Methods form, there are following four checkboxes:
    1. Anonymous Access
    2. Digest Authentication
    3. Basic Authentication
    4. Integrated Windows Authentication

    Since these are checkboxes, more than one option can be selected at a time.

    My Question:
    If user has selected Anonymous Access and Integrated Windows Authentication
    checkboxes:
    1. Does this mean IIS will use Integrated Windows Authentication and ignore
    Anonymous Access method completely? OR
    2. Does this mean IIS will first use Integrated Windows Authentication. If
    this fails then it will use Anonymous Access method.

    What I am interested in is how IIS determines Authentication method when
    more than one Authentication/Access method has been selected.

    Thanks very much.

    Regards,
    Ajit
    amsical, Nov 16, 2006
    #1
    1. Advertising

  2. it is answer #3 :)

    IIS will first try anonymous - and if this fails, start the integarted auth
    handshake.

    ---
    Dominick Baier, DevelopMentor
    http://www.leastprivilege.com

    > Hi All,
    >
    > In IIS, One can set Authentication method for accessing a website.
    > (Virtual folder -> Properties -> Directory Security -> Anonymous
    > access and authentication control -> Edit -> Authentication Methods).
    >
    > On Authentication Methods form, there are following four checkboxes:
    > 1. Anonymous Access
    > 2. Digest Authentication
    > 3. Basic Authentication
    > 4. Integrated Windows Authentication
    > Since these are checkboxes, more than one option can be selected at a
    > time.
    >
    > My Question:
    > If user has selected Anonymous Access and Integrated Windows
    > Authentication
    > checkboxes:
    > 1. Does this mean IIS will use Integrated Windows Authentication and
    > ignore
    > Anonymous Access method completely? OR
    > 2. Does this mean IIS will first use Integrated Windows
    > Authentication. If
    > this fails then it will use Anonymous Access method.
    > What I am interested in is how IIS determines Authentication method
    > when more than one Authentication/Access method has been selected.
    >
    > Thanks very much.
    >
    > Regards,
    > Ajit
    Dominick Baier, Nov 16, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Neo
    Replies:
    1
    Views:
    516
    Scott Allen
    Jan 7, 2005
  2. Replies:
    1
    Views:
    667
    Mark Fitzpatrick
    Jun 8, 2005
  3. Buster Copley
    Replies:
    5
    Views:
    558
    Gianni Mariani
    Jul 7, 2003
  4. Tron Thomas
    Replies:
    10
    Views:
    1,076
    Tom Widmer
    Nov 10, 2004
  5. Kenneth McDonald
    Replies:
    5
    Views:
    313
    Kenneth McDonald
    Sep 26, 2008
Loading...

Share This Page