The Web Authentication Page

IIS Authentication requires users to provide a valid Microsoft Windows user-account name and password before they access any information on your server. Authentication, like many of the features in IIS, can be set at the web site or virtual directory level.

Anonymous Access & Authentication Control

Use Integrated Windows Authentication

Integrated Windows authentication is a secure form of authentication because the user name and password are hashed before being sent across the network. When you enable Integrated Windows authentication, the user's browser proves its knowledge of the password through a cryptographic exchange with your Web server, involving hashing. Integrated Windows authentication uses Kerberos authentication and NTLM authentication.

Allow anonymous web access

Anonymous authentication gives users access to the public areas of your Web Site or Virtual Directory without prompting them for a user name or password. When a user attempts to connect to your public Web Site or Virtual Directory, your Web server assigns the connection to a Windows user account. By default, the IUSR_computername account is included in the Windows user group Guests. This group has security restrictions, imposed by NTFS permissions, that designate the level of access and the type of content available to public users.

If you have multiple sites on your server or if you have areas of your site that require different access privileges, you can create multiple anonymous accounts, one for each Web Site or Virtual Directory. By giving these accounts different access permissions or by assigning these accounts to different Windows user groups, you can grant users anonymous access to different areas of your public Web content.

Account used for anonymous access

The following options are available:

• Use built-in Internet Guest Account (IUSR_computername) - Select this option if you want to assign the default IIS user account to handle incoming web content access.
• Installed user - You can configure an installed User Account to handle incoming web content access.
• Property based user - The user name can be set through a Windows Installer property.

Password

The following password options are available:

• Allow IIS to control the password - This mode indicates whether IIS should handle the user password for anonymous users attempting to access resources.
• Use predefined password - This mode is used to set the password when the user account name is set with a property; otherwise the password used is he one configured in the Users and Groups section.
• Use a property to set password - The password can also be set through a Windows Installer property.