Configure Web Server Authentication

  • Article

Applies To: Windows Server 2003, Windows Server 2003 with SP1

You can set the authentication method for your Web resources with property sheets at the Web site, directory, or file level by using IIS Manager.

Requirements

  • Credentials: Membership in the Administrators group on the local computer.

  • Tools: Iis.msc.

Recommendation

As a security best practice, log on to your computer using an account that is not in the Administrators group, and then use the Run as command to run IIS Manager as an administrator. At the command prompt, type **runas /user:**administrative_accountname mmc %systemroot%\system32\inetsrv\iis.msc.

Procedures

To configure Web server authentication

  1. In IIS Manager, right-click the Web Sites folder, Web site, directory, virtual directory, or file and click Properties.

    Note

    Configuration settings made at the Web Sites folder level can be inherited by all Web sites

  2. Click the Directory Security or File Security tab, depending upon the level at which you are configuring security settings.

  3. In Authentication and access control, click Edit.

  4. To configure Integrated Windows authentication, in Authenticated access, select the Integrated Windows authentication check box.

  5. To configure Digest authentication, in Authenticated access, select the Digest authentication for Windows domain servers check box.

  6. To configure Advanced Digest authentication, in the Realm text box, type the realm name, or click Select to browse for a domain.

    Note

    If Basic authentication is enabled for the site, virtual directory, or folder you are configuring, the Default domain text box will also be available. However, Realm is only meaningful for Advanced Digest authentication.

    To configure Basic authentication, In the Authenticated access section, select the Basic authentication (password is sent in clear text) check box. Because Basic authentication sends passwords over the network unencrypted, a dialog box appears asking if you want to proceed. Click Yes to proceed. In the Default domain box, either type the domain name you want to use, or click Select to browse to a new default logon domain.

  7. To configure .NET Passport authentication, select the .NET Passport Authentication check box. When .NET Passport authentication is selected, all other authentication methods are unavailable. .NET Passport cannot be used with other authentication methods because it validates user credentials in a fundamentally different way.

  8. Click OK twice.