both anonymous AND windows integrated auth... what is the precedence

Web Server Talk > Web Servers reviews > IIS server support > IIS Server Security > both anonymous AND windows integrated auth... what is the precedence

Last Thread Next Thread Next

both anonymous AND windows integrated auth... what is the precedence

Stephanie Stowe

09-27-04 10:55 PM

Hi. I am troubleshooting a problem at a customer site. I have never mixed
authentication on servers so I do not know what is supposed to happen. If I
have a server with a site that has anonymous AND windows integrated auth set
up, and a person hits a web page on that site, whose credentials are used?
Could it be that the windows integrated auth takes precedence over
anonymous?

Thanks

S

[ Post a follow-up to this message ]

Re: both anonymous AND windows integrated auth... what is the precedence

Miha Pihler

09-27-04 10:55 PM

Hi Stephanie,

AFAIK anonymous is used first. If Anonymous can't be used (IUSR doesn't have
necessary permissions) it will try Integrated Authentication (if IIS allows
it). If Anonymous is not allowed and e.g. basic and integrated
authentication is selected, then first more secure authentication is used
(in above case IA) followed by less secure (in above case basic auth).

Mike

" Stowe" <NoSpam@IWishICould.com> wrote in message
news:%23UTtvfLpEHA.2536@TK2MSFTNGP10.phx.gbl...
> Hi. I am troubleshooting a problem at a customer site. I have never mixed
> authentication on servers so I do not know what is supposed to happen. If
I
> have a server with a site that has anonymous AND windows integrated auth
set
> up, and a person hits a web page on that site, whose credentials are used?
> Could it be that the windows integrated auth takes precedence over
> anonymous?
>
> Thanks
>
> S
>
>

[ Post a follow-up to this message ]

Re: both anonymous AND windows integrated auth... what is the precedence

Tom Kaminski [MVP]

09-27-04 10:55 PM

"Stephanie Stowe" <NoSpam@IWishICould.com> wrote in message
news:%23UTtvfLpEHA.2536@TK2MSFTNGP10.phx.gbl...
> Hi. I am troubleshooting a problem at a customer site. I have never mixed
> authentication on servers so I do not know what is supposed to happen. If
> I
> have a server with a site that has anonymous AND windows integrated auth
> set
> up, and a person hits a web page on that site, whose credentials are used?
> Could it be that the windows integrated auth takes precedence over
> anonymous?

This explains the order of precedence:
http://support.microsoft.com/?kbid=264921

Anonymous will be tried first - unless the user has already authenticated.

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsser...ty/centers/iis/
http://mvp.support.microsoft.com/
http://www.iisfaq.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://www.tryiis.com

[ Post a follow-up to this message ]

Re: both anonymous AND windows integrated auth... what is the precedence

Stephanie Stowe

09-28-04 01:27 PM


"Stephanie Stowe" <NoSpam@IWishICould.com> wrote in message
news:#UTtvfLpEHA.2536@TK2MSFTNGP10.phx.gbl...
> Hi. I am troubleshooting a problem at a customer site. I have never mixed
> authentication on servers so I do not know what is supposed to happen. If
I
> have a server with a site that has anonymous AND windows integrated auth
set
> up, and a person hits a web page on that site, whose credentials are used?
> Could it be that the windows integrated auth takes precedence over
> anonymous?
>
> Thanks
>
> S
>
>

Thanks both. Much oblidged.

S

[ Post a follow-up to this message ]