Hello,
I'd like to enable "optional" authentication for a directory.  When a
browser first visits (per session) the directory, they should be prompted fo
r
authentication, and be able to cancel the sign in for anonymous access.
Provided that they authenticate, the scripts will present different options
for the user.  I do not have the guest account on my domain enabled, and I
would like to keep it that way...

Thanks,
William

[ Post a follow-up to this message ]

As far as I know, this is not possible to do with IIS & HTTP based
authentication methods (Basic, Digest etc). This is not a function of IIS,
but a function of how HTTP works.

You could either write your own application layer authentication system (eg
using ASP.NET, or php or whatever programming environment you are using), or
you might be able to use an ISAPI filter for this (the ISAPI filter would
trick IIS into thinking that some default credentials had been sent by the
client in the case that the client doesn't send anything).

Cheers
Ken

"wllmundrwd" <wllmundrwd@discussions.microsoft.com> wrote in message
news:E4A2EFA3-E3E7-4289-9F4F-1C52FB41D711@microsoft.com...
> Hello,
>  I'd like to enable "optional" authentication for a directory.  When a
> browser first visits (per session) the directory, they should be prompted
> for
> authentication, and be able to cancel the sign in for anonymous access.
> Provided that they authenticate, the scripts will present different
> options
> for the user.  I do not have the guest account on my domain enabled, and I
> would like to keep it that way...
>
> Thanks,
> William

[ Post a follow-up to this message ]

You might be able to cobble something up through a custom error page
though.  Maybe a 401.1 custom page that presented options for users
who didn't authenticate and then the standard page for those who do.
I'm not sure I'd choose that route over a custom authentication scheme
and not using Windows accounts, but it might work.

Jeff

On Fri, 27 Aug 2004 11:27:54 +1000, "Ken Schaefer"
<kenREMOVE@THISadOpenStatic.com> wrote:

>As far as I know, this is not possible to do with IIS & HTTP based
>authentication methods (Basic, Digest etc). This is not a function of IIS,
>but a function of how HTTP works.
>
>You could either write your own application layer authentication system (eg
>using ASP.NET, or php or whatever programming environment you are using), o
r
>you might be able to use an ISAPI filter for this (the ISAPI filter would
>trick IIS into thinking that some default credentials had been sent by the
>client in the case that the client doesn't send anything).
>
>Cheers
>Ken
>
>"wllmundrwd" <wllmundrwd@discussions.microsoft.com> wrote in message
>news:E4A2EFA3-E3E7-4289-9F4F-1C52FB41D711@microsoft.com... 
>

[ Post a follow-up to this message ]

The problem with using a custom 401 error page is that most browsers will
never display this - when they encounter a 401 status code, then popup a
login dialogue box. You would need something in your application that is
able to detect a 401 status, and then reset the status to something else (eg
200 OK). You can do this in ASP.NET relatively easily.

Cheers
Ken

"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
news:41341ac7.309986637@msnews.microsoft.com...
> You might be able to cobble something up through a custom error page
> though.  Maybe a 401.1 custom page that presented options for users
> who didn't authenticate and then the standard page for those who do.
> I'm not sure I'd choose that route over a custom authentication scheme
> and not using Windows accounts, but it might work.
>
> Jeff
>
> On Fri, 27 Aug 2004 11:27:54 +1000, "Ken Schaefer"
> <kenREMOVE@THISadOpenStatic.com> wrote:
> 
>

[ Post a follow-up to this message ]