Re: IIS Authentication Methods

From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 16 Nov 2006 13:14:52 +0000 (UTC)

it is answer #3 :)

IIS will first try anonymous - and if this fails, start the integarted auth handshake.

---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com

Hi All,

In IIS, One can set Authentication method for accessing a website.
(Virtual folder -> Properties -> Directory Security -> Anonymous
access and authentication control -> Edit -> Authentication Methods).

On Authentication Methods form, there are following four checkboxes:
1. Anonymous Access
2. Digest Authentication
3. Basic Authentication
4. Integrated Windows Authentication
Since these are checkboxes, more than one option can be selected at a
time.

My Question:
If user has selected Anonymous Access and Integrated Windows
Authentication
checkboxes:
1. Does this mean IIS will use Integrated Windows Authentication and
ignore
Anonymous Access method completely? OR
2. Does this mean IIS will first use Integrated Windows
Authentication. If
this fails then it will use Anonymous Access method.
What I am interested in is how IIS determines Authentication method
when more than one Authentication/Access method has been selected.

Thanks very much.

Regards,
Ajit

Prev by Date: ASP.NET Security problem trying to access MAPI
Next by Date: WindowsImpersonationContext and DirectoryServices
Previous by thread: ASP.NET Security problem trying to access MAPI
Next by thread: WindowsImpersonationContext and DirectoryServices
Index(es):
- Date
- Thread

Relevant Pages

Re: Windows Authentication problem with IIS6 (Win2k3)
... Authentication Protocol is Integrated ... Jeff - Thank you SOOOOO much - your suggestion to check out the IIS ... regardless of the IE setting regarding Enabling Integrated Windows ... >>I believe the problem to be something related to the Kerberos technology, ...
(microsoft.public.inetserver.iis)
Re: Windows Authentication problem with IIS6 (Win2k3)
... Authentication Protocol is Integrated ... Jeff - Thank you SOOOOO much - your suggestion to check out the IIS ... regardless of the IE setting regarding Enabling Integrated Windows ... >>I believe the problem to be something related to the Kerberos technology, ...
(microsoft.public.inetserver.iis.security)
Re: HELP PLEASE The request failed with HTTP status 401: Access Denied.
... Web Security: Part 2: Introducing the Web Application Manager, Client ... Authentication Options, and Process Isolation ... It introduces the Web Application Manager in IIS that ... logon session, which is dangerous. ...
(microsoft.public.dotnet.framework.aspnet.security)
RE: Can no longer access ActiveSync
... OMA and Exchange/Exchange-OMA virtual directory. ... Please verify Authentication settings by the following steps. ... Open IIS Manager ... issue may be caused by the Exchange attribute of original user account. ...
(microsoft.public.exchange.admin)
Re: Integrated Windows Authentication - 401: Access Denied
... try using iis authdiag, make sure all your permissions are squared away. ... > from a browser the Integrated Windows Authentication ... >>> Developing .NET application to acccess web services. ...
(microsoft.public.inetserver.iis.security)