Configure the Anonymous Authentication Identity (IIS 7)

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

When you enable Anonymous authentication, you can change the account that IIS uses to access your sites and applications. By default, IIS 7 uses IUSR as the user name for anonymous access. This user name is created when you install IIS 7.

For more information about how to enable Anonymous authentication, see Enable Anonymous Authentication (IIS 7).

Prerequisites

For information about the levels at which you can perform this procedure, and the modules, handlers, and permissions that are required to perform this procedure, see Authentication Feature Requirements (IIS 7).

Exceptions to Feature Requirements

  • None

Modules

  • AnonymousAuthModule

To configure anonymous authentication

You can perform this procedure by using the user interface (UI), by running Appcmd.exe commands in a command-line window, by editing configuration files directly, or by writing WMI scripts.

User Interface

To use the UI

  1. Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).

  2. In Features View, double-click Authentication.

  3. On the Authentication page, select Anonymous Authentication.

  4. In the Actions pane, click Edit to set the security principal under which anonymous users will connect to the site.

  5. In the Edit Anonymous Authentication Credentials dialog box, select one of the following options:

    • Specific user, if you want to configure a specific user account that IIS uses to access your site or application. Then click Set to open the Set Credentials dialog box, and type a user name and password for the identity. Then click OK.

    • Application pool identity, if you want IIS processes to run by using the account that is currently specified on the property page for the application pool. By default, this is the Network Service account.

Important

If you use the Network Service account, you grant anonymous users all the internal network access associated with that account.

  1. Click OK to close the Edit Anonymous Authentication Credentials dialog box.

Command Line

Use the following syntax to change the default account for anonymous access:

**appcmd set config /section:anonymousAuthentication /userName:string/password:**string

The variable userName string is the account IIS uses for anonymous authentication and the variable password string is the password, which is encrypted in the configuration file by default. For example, to use an account named Moe and a password of pssword1for anonymous access, type the following at the command prompt, and then press ENTER:

appcmd set config /section:anonymousAuthentication /userName:Moe/password:pssword1

For more information about Appcmd.exe, see Appcmd.exe (IIS 7).

Configuration

The procedure in this topic affects the following configuration elements:

<anonymousAuthentication>

For more information about IIS 7 configuration, see https://go.microsoft.com/fwlink/?LinkId=88551 on the MSDN site.

WMI

The procedure in this topic affects the following WMI classes, methods, or properties:

  • AnonymousAuthenticationSection class

For more information about WMI and IIS, see Windows Management Instrumentation (WMI) in IIS 7. For more information about the classes, methods, or properties associated with this procedure, see the IIS WMI Provider Reference on the MSDN site.

See Also

Concepts

Configuring Authentication in IIS 7
Enable Anonymous Authentication (IIS 7)