Setting Web Site Authentication

Applies To: Windows Server 2003, Windows Server 2003 with SP1

You can require users to provide a valid Windows user account name and password before they access any information on your server. This identification process is called authentication. Authentication, like many of the features in IIS, can be set at the Web site, directory, or file level.

This section contains step-by-step procedures for configuring Web site authentication. For information about configuring FTP sites, see Setting FTP Site Authentication later in this appendix.

To set Web authentication, choose from the following authentication methods:

  • Anonymous authentication. This authentication method gives users access to the public areas of your Web site without prompting them for a user name or password.

  • Basic authentication. This authentication method requires a previously assigned Windows account user name and password, also known as credentials.

  • Digest authentication. This authentication method offers the same functionality as Basic authentication, while providing an additional level of security because the user's credentials are not sent over the network in plaintext.

  • Advanced Digest authentication. This authentication method offers functionality similar to Digest authentication; however, it collects user credentials and stores them on the domain controller as an MD5 hash, or message digest. The advantages of this method are that the worker process does not need to run as local system and the user password is not stored as plaintext on the domain controller. This authentication method requires a Windows Server 2003 domain controller infrastructure.

  • Integrated Windows authentication. With this authentication method, the user name and password are hashed before being sent across the network.

  • Certificate authentication. This authentication method adds SSL security through client or server certificates. For information about this type of authentication, see Obtaining and Backing Up Server Certificates.

  • .NET Passport authentication. This authentication method provides a single sign-in service that is HTTP cookie-based.