IIS 6.0 F1: Authentication Methods

  • Article

Applies To: Windows Server 2008 R2

Use this dialog box to configure your Web server to verify user identities. You can authenticate individuals or select groups of users to prevent unauthorized persons from establishing a Web (HTTP) connection to restricted content. Anonymous access allows users to establish an anonymous connection. The user logs on to IIS with an anonymous or guest account. There are currently four Authenticated access methods:

  • Windows Integrated authentication uses a cryptographic exchange with the user's Web browser to confirm the identity of the user.

  • Digest authentication works only with Active Directory® accounts, sending a hash value over the network, rather than a plaintext password. Digest authentication works across proxy servers and other firewalls and is available on Web Distributed Authoring and Versioning (WebDAV) directories.

  • Basic authentication transmits passwords across the network in cleartext, an unencrypted form.

Enable anonymous access

Select this check box to establish an anonymous connection for users. IIS logs on the user with an anonymous or guest account. By default, the server creates and uses the account IUSR_computername.

User name

This is the user name for the account used for anonymous access only within Windows.

Password

The anonymous user account password is used only within Windows. Anonymous users do not log on by using a user name and password.

Browse

Click to search and select the object type, such as user, and the location, such as your computer or any accessible computer connected on the network.

Authenticated access

Options selected in this section require that users provide a valid Microsoft Windows user name and password before they access any information on your server.

Integrated Windows authentication

Select to ensure that the user name and password are sent across the network in the form of a hash. This provides a secure form of authentication.

Note

If this authentication method is enabled, IIS uses Windows Integrated authentication only when Anonymous access is disabled and Anonymous access is denied because Windows file system permissions have been set, requiring users to provide a Windows user name and password before establishing a connection with restricted content.

Digest authentication for Windows domain servers

Select to work with Active Directory® and send a hash value over the network, rather than a cleartext password. This method works across proxy servers and other firewalls. Using Digest authentication requires that a Realm be defined.

Basic authentication (password is sent in cleartext)

Select to send the password across the network in cleartext. Basic authentication is part of the HTTP specification and is supported by most browsers; however, user name and password are not encrypted and could present security risks.

Default domain

This identifies the Windows domain used for user authentication control.

Select

To authenticate the user or group, click to view a list of all domains to which you are connected.

Realm

This identifies the domain or other operating system authentication controller used to authenticate the user or group.

Select

Click to view a list of all domains and realms to which you are connected.