Configuring Web Site Authentication

Applies To: Windows Server 2003, Windows Server 2003 with SP1

The Web site authentication methods you choose are determined by whether you deploy your Web sites and applications on an intranet or the Internet and the relation of the users accessing the Web sites and applications to your organization.

Intranet-based Web sites and applications

With intranet-based Web sites and applications, you can typically mandate the type of authentication that is used because the clients are controlled by your organization. In most instances, use Integrated Windows authentication to provide single sign on for users and the strongest possible protection of user credentials. If you are unable to use Integrated Windows authentication, then select the next strongest authentication method from the authentication methods that are described in Table 3.9 in Selecting a Web Site Authentication Method later in this section.

Internet-based Web sites and applications

With Internet-based Web sites and applications, you typically need to support a broad range of client operating systems and browsers because users outside your organization own the clients. Anonymous access and Basic authentication are the most common authentication methods used for Internet-based Web sites and applications. For more information about these authentication methods, see Selecting a Web Site Authentication Method later in this section.

Configure Web site authentication by completing the following steps:

1. Select the authentication methods for each Web site.

2. Configure the authentication methods for each Web site.