Microsoft KB Archive/313251

= HOW TO: Set Up Anonymous and Basic Authentication on the Same Web Content in IIS =

Article ID: 313251

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Internet Information Server 4.0
 * Microsoft Internet Information Services 5.0
 * Microsoft Internet Information Services 6.0

-



This article was previously published under Q313251



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



IN THIS TASK

 * SUMMARY
 * Configure an IIS Web Server
 * REFERENCES



SUMMARY
This step-by-step article describes how to set up both Anonymous and Basic authentication on the same Web content.

back to the top

Configure an IIS Web Server
Your network may contain a firewall to protect one or more IIS Web servers. You may want to set up a Web site so that internal network users can access the Web content with Anonymous authentication (that is, internal network users are not required to provide a user name and password). However, because external requests are routed through a firewall, external users must connect to the site with Basic authentication (which should be used in conjunction with SSL encryption).

To set up Anonymous and Basic authentication on the same Web content, follow these steps:

NOTE: In the following example, the Web content is stored in the E:\Inetpub\WWWroot\Test Site folder.
 * 1) Open the IIS Microsoft Management Console (MMC) Internet Services Manager.
 * 2) Create a new Web site and name it External Site.
 * 3) Bind External Site to a static IP address that maps to a Fully Qualified Domain Name (FQDN) from an authorized registrar (for example, Externaluser.Mysite.com), and make sure that External Site points to E:\Inetpub\WWWroot\Test Site.
 * 4) Install a server certificate on External Site. Set the site to use Basic authentication only.
 * 5) On the Domain Name System (DNS) Server, create a new host record. Obtain the static IP address that is described in step 3.
 * 6) Create a new site and name it Internal Site. Set the IP address to All Unassigned. Set the local path for Internal Site to E:\Inetpub\WWWroot\Test Site.
 * 7) Set the authentication on Internal Site to Integrated Windows authentication (IIS 5.0 and later), Windows NT Challenge/Response (IIS 4.0), or Anonymous authentication, depending on your needs.

back to the top

