Google
AspAlliance.com Web
AspAlliance
Register
Edit My Profile
Author List
Write for Us
About AspAlliance
Contact Us
Privacy Policy
Link To Us
Advertise

Subscribe
Free Newsletter
Newsletter Archive
RSS Syndication

.NET Tutorials
Learn .NET
Learn WCF
Learn WPF
Learn ASP.NET
Learn AJAX
Learn Silverlight
Learn Visual Studio
Learn ADO.NET
Learn LINQ
Learn C# (CSharp)
Learn VB.NET
Learn Web Services
Learn Controls
Learn BizTalk
Learn SharePoint
Learn Mobile
Learn SQL
Learn SQL Reporting
Learn Windows Forms
Learn XML
Learn Crystal Reports
Learn FarPoint
Learn DevExpress
Examples
ASP.NET 2.0 Examples

ASP Tutorials
Learn ASP
Learn VBScript
Learn JScript
Learn SQL
Learn XML

Software Resources
Shopping Cart Ecommerce
Charts and Dashboards

Other Resources
Learn Java
Learn Oracle
Opinion / Editorial
Crystal Reports Alliance
WPF Resources
AJAX Resources
Silverlight Resources

Free Tools
Cache Manager
SimpleCMS

Reviews
Book Reviews
Product Reviews
Expert Advice

Books
ASP.NET Developer's Cookbook
Sample Chapters
Book Reviews

Community
Regular Expressions

Print This Article Print  Add To Favorites Add To Favorites    Email This Article To A Friend Email To Friend  Rate This Article Rate This Article   
Understanding Internet Information Services - Part 1
page 4 of 7
by Uday Denduluri
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 34491/ 67
IIS Authentication

Authentication is identifying a user before actually deciding whether he can be given access to the requested resource(s). IIS provides various authentication schemes. Let us see each one of them in brief.

·         Anonymous – This type of authentication gives users access to all the public areas of the web application without asking for a user ID or password. This kind of authentication is used where performance is a key and security is not a criterion. We can use this kind of authentication where we do not want to authenticate clients to the individual basis. By default, the anonymous authentication is enabled and uses the IUSR_machinename user account. The password for the user account is controlled by IIS.

·         Integrated Windows Authentication – This type of authentication can be used either with NTLM or Kerberos V5 authentication. This authentication can only work with Internet Explorer 2.0 and later.

·         Initially for the first response from IIS, Internet Explorer will try to recognize the header (Negotiate). Upon understanding the negotiate header the browser (IE) returns the information for both NTLM and Kerberos. Upon receiving the request IIS will decide whether to use Kerberos or NTLM based on the Internet Explorer version and windows type. This type of authentication is best suited for the Intranet applications.

·         Basic Authentication – Basic authentication is based on the HTTP 1.0 specification. When we use this type of authentication, the browser prompts the user for a user name and password. Once the user name and password are provided it is transmitted across HTTP in the form of plain text. To enhance security we can use SSL on top of basic authentication at the expense of some performance. The advantage of using this type of authentication is the ability to track the individual users, unlike the anonymous authentication.

·         Digest Authentication – Digest Authentication tries to address the weakness of Basic Authentication (sending user ID and password in plain text). Here instead of exposing the user ID and password in plain text, it will be sent by applying a hash function or a digest algorithm. Initially for the first request IIS sends a challenge to the client to create a digest and send it to the server. The client then applies a digest algorithm (specified by the server) to the combined data. The client sends the resulting digest to the server as the response to the challenge. The server then decrypts it to compare both.
View Entire Article

User Comments

Title: Thanks   
Name: harika
Date: 2011-08-04 5:29:40 PM
Comment:
It is very nice, thank you so much..
Title: app support   
Name: pt
Date: 2009-10-09 4:58:14 PM
Comment:
Thank you, this is defintely a start to understanding IIS.
Title: -   
Name: Dan
Date: 2007-08-17 3:58:35 AM
Comment:
Nice read, well done

Product Spotlight
Product Spotlight 





Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2024 ASPAlliance.com  |  Page Processed at 2024-04-23 10:59:05 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search