Configuring Authentication

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

You can require users to provide a valid Microsoft® Windows® user account name and password before they access any information on your server. This identification process is called authentication. Authentication, like many of the features in IIS, can be set at the Web site, directory, or file level. IIS provides the following authentication methods to control access to the content on your server.

Web Methods

• Anonymous Authentication in IIS 6.0: Gives users access to the public areas of your Web site without prompting them for a user name or password.

• Basic Authentication in IIS 6.0: Requires a previously assigned Windows account user name and password, also known as credentials.

• Digest Authentication in IIS 6.0: Offers the same functionality as Basic authentication, while providing enhanced security in the way that a user's credentials are sent across the network.

• Advanced Digest Authentication in IIS 6.0: Collects user credentials and stores them on the domain controller as an MD5 hash, or message digest.

• Integrated Windows Authentication in IIS 6.0: Collects information through a secure form of authentication where the user name and password are hashed before being sent across the network.

• .NET Passport Authentication in IIS 6.0: Provides a single sign-in service through SSL, HTTP redirects, cookies, JavaScript, and strong symmetric key encryption.

FTP Methods

• Configuring Anonymous FTP Authentication: Gives users access to the public areas of your FTP site without prompting them for a user name or password.

• Configuring Basic FTP Authentication: Requires users to log on with a user name and password corresponding to a valid Windows user account.