Microsoft KB Archive/301457

= How to view or change Authentication methods in IIS =

Article ID: 301457

Article Last Modified on 3/29/2007

-

APPLIES TO


 * Microsoft Internet Information Services 5.0, when used with:
 * Microsoft Windows 2000 Standard Edition

-



This article was previously published under Q301457



IN THIS TASK
SUMMARY
 * Requirements
 * View Or Change IIS Authenication Methods
 * Troubleshooting

REFERENCES



SUMMARY
This step-by-step article describes how to view or change IIS Authentication methods.

back to the top

Requirements
The following describes the necessary stuff that you will need:
 * Windows 2000 Professional, Windows 2000 Server, and Windows 2000 Advanced Server
 * Internet Information Server 5.0

back to the top

View or change authentication methods

 * 1) Click Start, point to Programs, point to Administrative Tools, and click Internet Services Manager.
 * 2) In the console tree (left pane) of Internet Information Services, browse to the Web site that you want to work with.
 * 3) Right-click this Web site and click Properties.
 * 4) Click the Directory Security tab.
 * 5) Under Anonymous Access and Authentication Control, click Edit.
 * 6) In the Authentication Methods dialog box, select one or more appropriate methods.
 * 7) Click OK twice to exit the Web site Properties page and return to the Internet Information Services console.

back to the top

Troubleshooting
 Enabling Basic authentication does not automatically configure your Web server to authenticate users. Windows user accounts must be created and the Windows NT file system (NTFS) permissions must be properly set. The disadvantage is that Web browsers that use Basic authentication transmit passwords in an unencrypted form. By monitoring communications on your network, someone can easily intercept and decipher these passwords by using publicly available tools. Therefore, Basic authentication is not recommended unless the connection is secured by using SSL. For more information about setting up SSL on IIS 5.0, click the following article number to view the article in the Microsoft Knowledge Base:

299525 How to set up SSL using IIS 5.0 and Certificate Server 2.0

 Integrated Windows authentication does not work across CERN compliant proxy servers (such as MS Proxy 2.0). It does work with some firewall applications (such as ISA). Digest authentication is supported only for domains with a Windows 2000 domain controller. Digest authentication completes only if the domain server for which a request is made has a plain-text copy of the requesting user's password. Because the domain controller has plain-text copies of passwords, it must be secured from both physical and network attacks. For more information about securing a domain controller, click the link to the Microsoft Windows 2000 Server Resource Kits in the &quot;References&quot; section. Microsoft Internet Explorer version 5.0 is the only browser that currently supports Digest authentication.

back to the top

