CYA: Securing IIS 6.0: Cover Your A** By Getting It Right the First Time

Configuring Authentication

When IIS 6.0 attempts to read a resource from the server's disk, for example, a Hypertext Markup Language (HTML) page, an image, or an Active Server Pages (ASP)/ASP.NET page, it impersonates a Windows user account. That user account's permissions are checked against the NT file system (NTFS) Access Control List (ACL) for the file in question to determine whether the requested action is permitted. In the special case where the end user is not required to supply credentials, IIS 6.0 impersonates the preconfigured Anonymous User account.

By the Book

IIS provides 7 different authentication mechanisms:

  • Anonymous Authentication: Users do not have to supply credentials, and a fixed user account is impersonated.

  • Basic Authentication: Users are prompted to supply a username and password, which are sent unencrypted across the network. Basic authentication is supported by almost all browsers.

  • Digest Authentication: A hash of the user's password is sent across the network. Digest authentication requires domain controllers to be running Windows 2000 or Windows 2003. Digest authentication requires user passwords to be stored using reversible encryption in Active Directory (AD).

  • Advanced Digest Authentication: This is similar to digest authentication in that the same hash process is used for sending the user's password from client to server. With advanced digest authentication, however, the user's password is already stored as a Message Digest (MD)5 hash in Active Directory, obviating the need to store the password using reversible encryption. Advanced digest authentication requires a Windows 2003...
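The difference between what Basic and Digest put on the wire, as an added example that is not from the book: it follows the RFC 2617 digest calculation (qop=auth) and assumes the precomputed MD5 value kept in Active Directory for advanced digest corresponds to RFC 2617's HA1. All credentials, URIs and nonces in it are constructed sample values.

```python
import base64
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def decode_basic(header_value):
    """Basic: the header is only base64, so any observer recovers the password."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, sep, password = base64.b64decode(token).decode("utf-8").partition(":")
    if not sep:
        raise ValueError("malformed Basic credential")
    return user, password


def ha1(username, realm, password):
    """MD5(username:realm:password); assumed form of the stored advanced digest hash."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response: MD5(HA1:nonce:nc:cnonce:qop:HA2), HA2 = MD5(method:uri)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_verify(stored_ha1, client_response, method, uri, nonce, nc, cnonce):
    """Verify with only the stored hash; the cleartext password is never needed."""
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, client_response)


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    user, realm, pw = "alice", "example.test", "S3cret!"
    basic = "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()
    print("Basic on the wire decodes to:", decode_basic(basic))
    stored = ha1(user, realm, pw)  # what the directory would hold
    args = ("GET", "/default.asp", "n0nce01", "00000001", "c1")
    resp = digest_response(stored, *args)
    print("Digest response:", resp)
    print("Verified from stored hash only:", server_verify(stored, resp, *args))
```

The stored HA1 value is password-equivalent within its realm, since anyone holding it can compute valid responses, so it needs the same protection as the password itself.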
