WWW authentication methods with Microsoft Internet Information Server (IIS)
| Dreamweaver UltraDev is no longer supported, and the Dreamweaver UltraDev support center will no longer be actively updated. The functionality available in Dreamweaver UltraDev is available in Dreamweaver, beginning with Dreamweaver MX. Accordingly, we are moving pertinent content to the Dreamweaver support center. Please refer to the Dreamweaver version of this technote: WWW authentication methods with Microsoft Internet Information Server (IIS) (TechNote 19078). |
Microsoft Internet Information Server (IIS) provides security features that are fully integrated with Windows. IIS can be configured to authenticate, or determine a user's Windows user account identity, before allowing that user to establish a network connection with the server. This identification process is commonly called authentication. Authentication, like many of the features in IIS, can be set at the web site, directory, or file level. With the authentication options offered by IIS, an authentication method can be chosen that meets both the security requirements and the capabilities of the user's web browser.
Five methods of authentication are supported that confirm the identity of anyone requesting access to a web site. These methods can be used to grant access to public areas of a site, while preventing unauthorized access to the site's private files and directories. User authentication occurs only when anonymous access is disabled, or when NTFS permissions require users to identify themselves with a valid Windows user account user name and password. Anonymous authentication gives users access to your web site without prompting them for a user name or password.
Note: For more information about anonymous access refer to Understanding Anonymous Access and the ISUR Account (TechNote 15378).
Authentication methods
IIS provides the following authentication methods for controlling access to content on your server:
- Anonymous authentication allows anyone access without asking for a user name or password.
- Basic authentication will prompt the user for a user name and password, which are sent un-encrypted over the network.
- Digest authentication is a new feature that operates much like Basic authentication except that the passwords are sent as a hash value. A hash value is a number derived from a text message, such as a password. It is not feasible to decipher the original text from the hash value. Digest authentication is available only on domains with a Windows 2000 domain controller.
- Integrated Windows authentication uses hashing technology to identify the user without actually sending the password over the network.
- Certificates are digital credentials that can be used for establishing a Secure Socket Layer (SSL) connection. They can also be used for authentication.
Additional information
For more detailed information about WWW authentication methods, please refer to IIS Technical Documentation. If IIS is installed, the product documentation can be viewed by typing http://localhost/iisHelp/ in your browser address bar and pressing Enter.
For additional information, please refer to Setting Web Server Permissions (TechNote 15376).
For an excellent source of information on security issues with IIS, visit the Microsoft Security Advisor Web site.
This content requires Flash
To view this content, JavaScript must be enabled, and you need the latest version of the Adobe Flash Player.
Download the free Flash Player now!
