MORE INFORMATION

In order for ASP scripts to make a trusted connection to SQL Server using ActiveX Data Objects (ADO), the users must be authenticated when they browse the Web page making such a connection. If you force the users to authenticate themselves via Basic authentication, IIS has all information required to make the trusted connection to SQL Server. If any other authentication method is used (NT Challenge/Response or Anonymous), IIS is not be able to make this connection.

Note Using Basic authentication without SSL may compromise security on your Web server. Basic authentication transmits passwords over the network BASE64 encoded. This encryption is available publicly and can be used to decipher passwords. This means that anyone who is able to use a network sniffer to watch network transmissions will be able to decipher passwords sent through Basic authentication. To secure passwords that are sent over the network by using BASE64 encoding, always send these transmissions over an SSL connection.

Use the following steps to enable Basic authentication and disable other methods:

1. Click Start menu.
2. Select Programs.
3. Select Microsoft Internet Server.
4. Select Internet Service Manager.
5. Double-clickthe computer name for the WWW Service. This opens the Properties window.
6. On the Service tab of the tabbed dialog box there's a section marked Password Authentication. In this section clear the Allow Anonymous and the Windows NT Challenge/Response check boxes.
7. Select the Basic (Clear Text) check box.
8. Click 'OK'.

Change in the authentication methods will be effective immediately, and does not require the stopping of the WWW Publishing service.