IIS Server Security - both anonymous AND windows integrated auth... what is the precedence

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > September 2004 > both anonymous AND windows integrated auth... what is the precedence





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author both anonymous AND windows integrated auth... what is the precedence
Stephanie Stowe

2004-09-27, 5:55 pm

Hi. I am troubleshooting a problem at a customer site. I have never mixed
authentication on servers so I do not know what is supposed to happen. If I
have a server with a site that has anonymous AND windows integrated auth set
up, and a person hits a web page on that site, whose credentials are used?
Could it be that the windows integrated auth takes precedence over
anonymous?

Thanks

S


Miha Pihler

2004-09-27, 5:55 pm

Hi Stephanie,

AFAIK anonymous is used first. If Anonymous can't be used (IUSR doesn't have
necessary permissions) it will try Integrated Authentication (if IIS allows
it). If Anonymous is not allowed and e.g. basic and integrated
authentication is selected, then first more secure authentication is used
(in above case IA) followed by less secure (in above case basic auth).

Mike

" Stowe" <NoSpam@IWishICould.com> wrote in message
news:%23UTtvfLpEHA.2536@TK2MSFTNGP10.phx.gbl...
> Hi. I am troubleshooting a problem at a customer site. I have never mixed
> authentication on servers so I do not know what is supposed to happen. If
I
> have a server with a site that has anonymous AND windows integrated auth
set
> up, and a person hits a web page on that site, whose credentials are used?
> Could it be that the windows integrated auth takes precedence over
> anonymous?
>
> Thanks
>
> S
>
>


Tom Kaminski [MVP]

2004-09-27, 5:55 pm

"Stephanie Stowe" <NoSpam@IWishICould.com> wrote in message
news:%23UTtvfLpEHA.2536@TK2MSFTNGP10.phx.gbl...
> Hi. I am troubleshooting a problem at a customer site. I have never mixed
> authentication on servers so I do not know what is supposed to happen. If
> I
> have a server with a site that has anonymous AND windows integrated auth
> set
> up, and a person hits a web page on that site, whose credentials are used?
> Could it be that the windows integrated auth takes precedence over
> anonymous?

This explains the order of precedence:
http://support.microsoft.com/?kbid=264921

Anonymous will be tried first - unless the user has already authenticated.

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsser...ty/centers/iis/
http://mvp.support.microsoft.com/
http://www.iisfaq.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://www.tryiis.com


Stephanie Stowe

2004-09-28, 8:27 am


"Stephanie Stowe" <NoSpam@IWishICould.com> wrote in message
news:#UTtvfLpEHA.2536@TK2MSFTNGP10.phx.gbl...
> Hi. I am troubleshooting a problem at a customer site. I have never mixed
> authentication on servers so I do not know what is supposed to happen. If
I
> have a server with a site that has anonymous AND windows integrated auth
set
> up, and a person hits a web page on that site, whose credentials are used?
> Could it be that the windows integrated auth takes precedence over
> anonymous?
>
> Thanks
>
> S
>
>

Thanks both. Much oblidged.

S


Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com