Article ID: 301457
Article Last Modified on 3/29/2007
APPLIES TO
- Microsoft Internet Information Services 5.0, when used with:
- Microsoft Windows 2000 Standard Edition
This article was previously published under Q301457
IN THIS TASK
SUMMARY
This step-by-step article describes how to view or change IIS Authentication methods.
back to the top
Requirements
The following describes the necessary stuff that you will need:
- Windows 2000 Professional, Windows 2000 Server, and Windows 2000 Advanced Server
- Internet Information Server 5.0
View or change authentication methods
- Click Start, point to Programs, point to Administrative Tools, and click Internet Services Manager.
- In the console tree (left pane) of Internet Information Services, browse to the Web site that you want to work with.
- Right-click this Web site and click Properties.
- Click the Directory Security tab.
- Under Anonymous Access and Authentication Control, click Edit.
- In the Authentication Methods dialog box, select one or more appropriate methods.
- Click OK twice to exit the Web site Properties page and return to the Internet Information Services console.
Troubleshooting
- Enabling Basic authentication does not automatically configure your Web server to authenticate users. Windows user accounts must be created and the Windows NT file system (NTFS) permissions must be properly set. The disadvantage is that Web browsers that use Basic authentication transmit passwords in an unencrypted form. By monitoring communications on your network, someone can easily intercept and decipher these passwords by using publicly available tools. Therefore, Basic authentication is not recommended unless the connection is secured by using SSL. For more information about setting up SSL on IIS 5.0, click the following article number to view the article in the Microsoft Knowledge Base:
299525 How to set up SSL using IIS 5.0 and Certificate Server 2.0
- Integrated Windows authentication does not work across CERN compliant proxy servers (such as MS Proxy 2.0). It does work with some firewall applications (such as ISA).
- Digest authentication is supported only for domains with a Windows 2000 domain controller. Digest authentication completes only if the domain server for which a request is made has a plain-text copy of the requesting user's password. Because the domain controller has plain-text copies of passwords, it must be secured from both physical and network attacks. For more information about securing a domain controller, click the link to the Microsoft Windows 2000 Server Resource Kits in the "References" section. Microsoft Internet Explorer version 5.0 is the only browser that currently supports Digest authentication.
REFERENCES
For more information, see the following Web sites:
Internet Information Services 5.0 Authentication Methods
http://www.windowsitpro.com/articles/index.cfm?articleid=8443
IIS 101: The Basics of IIS Authentication
http://www.iisadministrator.com/Articles/Index.cfm?ArticleID=15843
222028 Setting Up digest authentication for use with Internet Information Services 5.0
Microsoft Windows 2000 Server Resource Kits
http://www.microsoft.com.nsatc.net/technet/prodtechnol/windows2000serv/reskit/default.mspx?mfr=true
Keywords: kbhowtomaster KB301457
