|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Authentication method ??Dear all,
When you check the authentication method for a web site under IIS configuration, by default it has the Enable Anonymous Acces and Integrated Windows Authentication set. If you have the Integarted Windows Authenticatin set, it means for me that you absolutly need to provide correct user information. So why the Anonymous Access is also set ? what is the meaning of having it as well as windows identification ? Thnaks for your help regards serge Hi
You can select both anonymous and Wondows Integrated together. In this case, when a user accesses your site, IIS will first attempt to access the relevant resources using the anonymous account. If either of the following happens: anonymous fails; resources are protected by NTFS permissions which do not allow access by the anonymous account then IIS will then attempt to authenticate via Windows Integrated. http://www.microsoft.com/windows2000/en/server/iis/default.asp?url=/windows2000/en/server/iis/htm/core/iiauths.htm One model used to allow anonymous access access to certain pages and restrict access to others is to set these two options (anonymous and integrated) in IIS, then grant or deny anonymous access to resources via NTFS permissions. Hope this helps Show quoteHide quote "serge calderara" wrote: > Dear all, > > When you check the authentication method for a web site under IIS > configuration, by default it has the Enable Anonymous Acces and Integrated > Windows Authentication set. > > If you have the Integarted Windows Authenticatin set, it means for me that > you absolutly need to provide correct user information. > > So why the Anonymous Access is also set ? what is the meaning of having it > as well as windows identification ? > > Thnaks for your help > regards > serge If you use both authentication mechanisms for a site (or virtual directory
or file), anonymous will be used until the user requests a resource that the anonymous-mapped user is not authorized to access. When the server sends a 401 response to the client for the protected resource, it will indicate that your selected Windows authentication mechanism should be used. Show quoteHide quote "serge calderara" <sergecalder***@discussions.microsoft.com> wrote in message news:9DBED855-C9C2-4DD8-9C97-70593D675DEB@microsoft.com... > Dear all, > > When you check the authentication method for a web site under IIS > configuration, by default it has the Enable Anonymous Acces and Integrated > Windows Authentication set. > > If you have the Integarted Windows Authenticatin set, it means for me that > you absolutly need to provide correct user information. > > So why the Anonymous Access is also set ? what is the meaning of having it > as well as windows identification ? > > Thnaks for your help > regards > serge Thnaks to both of you. sounds really clear for me now.
I did not know that type of behaviour Show quoteHide quote "Nicole Calinoiu" wrote: > If you use both authentication mechanisms for a site (or virtual directory > or file), anonymous will be used until the user requests a resource that the > anonymous-mapped user is not authorized to access. When the server sends a > 401 response to the client for the protected resource, it will indicate that > your selected Windows authentication mechanism should be used. > > > "serge calderara" <sergecalder***@discussions.microsoft.com> wrote in > message news:9DBED855-C9C2-4DD8-9C97-70593D675DEB@microsoft.com... > > Dear all, > > > > When you check the authentication method for a web site under IIS > > configuration, by default it has the Enable Anonymous Acces and Integrated > > Windows Authentication set. > > > > If you have the Integarted Windows Authenticatin set, it means for me that > > you absolutly need to provide correct user information. > > > > So why the Anonymous Access is also set ? what is the meaning of having it > > as well as windows identification ? > > > > Thnaks for your help > > regards > > serge > ~{ 
Other interesting topics
Digitally sign files from within a web application
how to grant the application the required permission? PGP - recommendations Storing a private key Use of Unrestricted flag ??? Problem authenticating against renamed Active Directory account Determine who created a file account shutdown notice account lock by conficker.b Cryptographic Streaming |
|||||||||||||||||||||||
