How to view or change Authentication methods in IIS (301457)


The information in this article applies to:

  • Microsoft Internet Information Services 5.0, when used with:
    • the operating system: Microsoft Windows 2000
This article was previously published under Q301457

IN THIS TASK

SUMMARY

This step-by-step article describes how to view or change IIS Authentication methods.

back to the top

Requirements

The following describes the necessary stuff that you will need:
    • Windows 2000 Professional, Windows 2000 Server, and Windows 2000 Advanced Server
    • Internet Information Server 5.0
back to the top

View or change authentication methods

  1. Click Start, point to Programs, point to Administrative Tools, and click Internet Services Manager.
  2. In the console tree (left pane) of Internet Information Services, browse to the Web site that you want to work with.
  3. Right-click this Web site and click Properties.
  4. Click the Directory Security tab.
  5. Under Anonymous Access and Authentication Control, click Edit.
  6. In the Authentication Methods dialog box, select one or more appropriate methods.
  7. Click OK twice to exit the Web site Properties page and return to the Internet Information Services console.
back to the top

Troubleshooting

  • Enabling Basic authentication does not automatically configure your Web server to authenticate users. Windows user accounts must be created and the Windows NT file system (NTFS) permissions must be properly set. The disadvantage is that Web browsers that use Basic authentication transmit passwords in an unencrypted form. By monitoring communications on your network, someone can easily intercept and decipher these passwords by using publicly available tools. Therefore, Basic authentication is not recommended unless the connection is secured by using SSL. For more information about setting up SSL on IIS 5.0, click the following article number to view the article in the Microsoft Knowledge Base:

    299525 How to set up SSL using IIS 5.0 and Certificate Server 2.0

  • Integrated Windows authentication does not work across CERN compliant proxy servers (such as MS Proxy 2.0). It does work with some firewall applications (such as ISA).
  • Digest authentication is supported only for domains with a Windows 2000 domain controller. Digest authentication completes only if the domain server for which a request is made has a plain-text copy of the requesting user's password. Because the domain controller has plain-text copies of passwords, it must be secured from both physical and network attacks. For more information about securing a domain controller, click the link to the Microsoft Windows 2000 Server Resource Kits in the "References" section. Microsoft Internet Explorer version 5.0 is the only browser that currently supports Digest authentication.
back to the top


REFERENCES

For more information, see the following Web sites:

Internet Information Services 5.0 Authentication Methods
http://www.windowsitpro.com/articles/index.cfm?articleid=8443

IIS 101: The Basics of IIS Authentication
http://www.iisadministrator.com/Articles/Index.cfm?ArticleID=15843

222028 Setting Up digest authentication for use with Internet Information Services 5.0

Microsoft Windows 2000 Server Resource Kits
http://www.microsoft.com.nsatc.net/technet/prodtechnol/windows2000serv/reskit/default.asp

back to the top
Modification Type:MajorLast Reviewed:3/10/2006
Keywords:kbHOWTOmaster KB301457
©2004 Microsoft Corporation. All rights reserved.