Enabling .NET Passport Authentication in IIS 6.0

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

When .NET Passport is enabled, requests coming into IIS must contain .NET Passport credentials either on the query string or within a cookie. The credentials also have to be valid, meaning the ticket has not expired. If IIS does not detect .NET Passport credentials, requests are redirected to the .NET Passport sign-in page.

.NET Passport uses cookies, which contain information that can be compromised. However, .NET Passport authentication can be used over a Secure Sockets Layer (SSL) connection, which reduces the potential for replay attacks.

Important

You must be a member of the Administrators group on the local computer to run scripts and executables. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run your script or executable as an administrator. At a command prompt, type runas /profile /User:MyComputer\Administrator cmd to open a command window with administrator rights and then type cscript.exe ScriptName (include the script's full path and any parameters).

Procedures

To enable .NET Passport authentication on a Web site

  1. In IIS Manager, expand the local computer, expand the Web Sites folder, right-click the Web site on which you want to enable .NET Passport authentication, and click Properties.

  2. Click the Directory Security tab.

  3. In the Anonymous access and authentication control section, click Edit.

  4. Select the .NET Passport Authentication check box. There are fundamental differences in the way .NET Passport validates user credentials, so .NET Passport cannot be used with other authentication methods. When .NET Passport authentication is selected, all other authentication methods are unavailable.

  5. Click OK.
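
After changing the setting, the result can be checked from a script. The following read-only audit is an added example, not part of the original procedure: it lists each Web site, reports whether .NET Passport authentication is set on the site root, whether any other authentication method is still set, and whether SSL is required. The metabase property names (AuthPassport, AuthAnonymous, AuthBasic, AuthMD5, AuthNTLM, AccessSSL) come from the IIS ADSI provider rather than from this page, and the file name AuditPassport.vbs is hypothetical.

```vbscript
' Added example: read-only audit of .NET Passport settings via the IIS ADSI provider.
' Run from an administrator command window:
'   cscript.exe //nologo C:\Scripts\AuditPassport.vbs   (path and name are hypothetical)
Option Explicit

Dim svc, site, root, others

Set svc = GetObject("IIS://localhost/W3SVC")

For Each site In svc
    ' Web sites are IIsWebServer objects; skip filters, application pools, and so on.
    If site.Class = "IIsWebServer" Then
        WScript.Echo "Site " & site.Name & " (" & site.ServerComment & ")"

        ' A site without a ROOT virtual directory has nothing to audit here.
        Set root = Nothing
        On Error Resume Next
        Set root = GetObject(site.ADsPath & "/ROOT")
        On Error GoTo 0

        If root Is Nothing Then
            WScript.Echo "  No ROOT virtual directory; skipped"
        ElseIf root.AuthPassport Then
            WScript.Echo "  .NET Passport authentication: enabled"

            ' IIS Manager makes the other methods unavailable when Passport is
            ' selected; report any that are nevertheless set in the metabase.
            others = ""
            If root.AuthAnonymous Then others = others & " Anonymous"
            If root.AuthBasic Then others = others & " Basic"
            If root.AuthMD5 Then others = others & " Digest"
            If root.AuthNTLM Then others = others & " IntegratedWindows"
            If Len(others) > 0 Then WScript.Echo "  WARNING: also set:" & others

            ' Passport credentials arrive in a cookie or on the query string,
            ' so a site that does not require SSL exposes them in transit.
            If root.AccessSSL Then
                WScript.Echo "  SSL required: yes"
            Else
                WScript.Echo "  WARNING: SSL is not required for this site"
            End If
        Else
            WScript.Echo "  .NET Passport authentication: not enabled"
        End If
    End If
Next
```

The script only reads the metabase; it makes no changes to any site.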