Re: Authenticate user and allow anonymous access
From: Joseph Geretz (email@example.com)
From: "Joseph Geretz" <firstname.lastname@example.org> Date: Sat, 15 Mar 2003 20:40:12 -0500
> Just turn on Basic Auth and Integrated. Turn off Anonymous and create a
> generic username and password for users that do not have domain accounts.
> This would be a domain account but a restriced domain account with out
> local types of permissions.
How will this work? As Stefan said above, some users are coming in without
credentials and he doesn't want them to be challenged, he'd like them to
succeed as Anonymous. With what you have suggested, Anonymous users will be
challenged for credentials since you have disabled Anonymous.
Or am I missing something?
> "Joseph Geretz" <email@example.com> wrote in message
> > Hi Stefan,
> > > This will not work, simply because when checking both Windows
> > > Integrated Authentication and Anonymous Access, IIS will default to
> > > the lowest and never begin a challenge of the user, causing the
> > > credentials to never be passed on to the application.
> > I thought this might be the case. Oh well...
> > > Anyone that has an idea/hack/whatever on how to do this, please let me
> > > know.
> > Here's a hack: IIS allows you to replace specific error pages with your
> > page. Set up two virtual directories into your site; Anon & Auth. Anon
> > allows anonymous access, Auth disallows anonymous. By default, users
> > on Auth. If they have credentials, they are in. All url's on the site
> > be relative, so as they continue to browse they kep coming in through
> > Auth virtual directory.
> > If they do not have credentials, that will fire an IIS error (505 I
> > Remap your IIS 505 (or whatever) error to a page which simply redirects
> > anonymous users to the Anon virtual directory. Again, since all url's on
> > site are relative, as they continue to browse they kep coming in through
> > Anon virtual directory.
> > Not bullet-proof. Network users, can explicitly 'jump' over to Anon of
> > want. But if user's 'play by the rules' that is they use the links
> > by the application, rather than using the browser url bar, this might
> > for you.
> > Like I said, it's a hack.
> > Hope this helps,
> > Joseph Geretz