December 21, 2009

Authentication Methods in IIS

Introduction
In IIS you can set up various authentication methods for entire sites or virtual directories. These authentication methods determine who can access the Web pages in the site/virtual directory. The three authentication methods available are:

1. Anonymous Access - This authentication method requires NO username or password to access the site. Anyone can just type in the URL and access the site. This is the default access method for IIS sites/virtual directories and is the authentication mode for 99.9999% of the World Wide Web.

2. Basic Authentication - This authentication method requires you to type in a valid NT login and password to gain access to the system (the NT login must be a valid NT login for the NT domain that the Web server is on). Where Basic Authentication is enabled you will get a popup window asking for the username and password when you first try to visit a resource in that protected site/virtual directory. After you enter the required information the username and password will be transmitted over the network WITHOUT any encryption. This will enable anyone trying to compromise your site to examine passwords during the authentication process.

3. Windows NT Challenge/Response (referred to as Integrated Windows Authentication in IIS 5) - This is supposedly the most secure form of authentication in IIS. When you log in, NT validates your login and ONLY the username is transmitted over the network. No password is transmitted. So under no circumstances can your password be compromised. Note that this method will NOT work with Netscape!
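To make the point in item 2 concrete, here is an added example (my own code, not from the original post or from IIS) showing what Basic Authentication actually puts on the wire and how a reviewer of captured traffic or proxy logs would classify each of the three methods. The request text, host name and the jsmith/Passw0rd credentials are constructed for the example. The Authorization header is nothing more than "user:password" in Base64, so any party that can read the packet recovers the password with a single decode; a Negotiate/NTLM header, by contrast, carries no password at all, and the absence of the header is anonymous access.

```python
import base64
from typing import Dict, Optional, Tuple

# Constructed sample requests (not captured from a real server).
# What a browser sends after the user fills in the Basic Authentication popup:
BASIC_REQUEST = (
    "GET /secure/report.asp HTTP/1.1\r\n"
    "Host: intranet.example.local\r\n"
    "Authorization: Basic anNtaXRoOlBhc3N3MHJk\r\n"
    "\r\n"
)
# The first leg of Windows NT Challenge/Response (the NTLM type-1 message
# is a placeholder here; its real contents hold no password either):
NTLM_REQUEST = (
    "GET /secure/report.asp HTTP/1.1\r\n"
    "Host: intranet.example.local\r\n"
    "Authorization: NTLM TlRMTVNTUAABAAAA...placeholder...\r\n"
    "\r\n"
)
# Anonymous access: no Authorization header at all.
ANON_REQUEST = "GET /default.asp HTTP/1.1\r\nHost: intranet.example.local\r\n\r\n"


def build_basic_header(username: str, password: str) -> str:
    """Produce the Authorization value exactly as an HTTP client does for
    Basic Authentication: 'user:password', Base64-encoded. No key or secret
    is involved, so this is encoding, not encryption."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_headers(raw_request: str) -> Dict[str, str]:
    """Split a raw HTTP request into a dict of lower-cased header names."""
    head, _, _body = raw_request.partition("\r\n\r\n")
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def basic_credentials(raw_request: str) -> Optional[Tuple[str, str]]:
    """Return (username, password) when the request carries Basic credentials,
    else None. This is all an observer on the network has to do."""
    auth = parse_headers(raw_request).get("authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None  # malformed token, not Basic credentials
    user, sep, pwd = decoded.partition(":")
    return (user, pwd) if sep else None


def audit_request(raw_request: str, over_tls: bool) -> str:
    """Classify a request the way a traffic or log review would:
    Basic over plain HTTP exposes the password (finding); Basic inside TLS
    is only as protected as the TLS channel; NTLM/Negotiate never sends the
    password; no header means anonymous access."""
    auth = parse_headers(raw_request).get("authorization", "")
    scheme = auth.split(" ", 1)[0].lower() if auth else ""
    if scheme == "basic":
        return "basic-tls" if over_tls else "basic-cleartext"
    if scheme in ("ntlm", "negotiate"):
        return "challenge-response"
    return "anonymous"


if __name__ == "__main__":
    print("client would send:", build_basic_header("jsmith", "Passw0rd"))
    print("observer recovers:", basic_credentials(BASIC_REQUEST))
    for name, req in (("basic", BASIC_REQUEST), ("ntlm", NTLM_REQUEST), ("anon", ANON_REQUEST)):
        print(f"{name}: {audit_request(req, over_tls=False)}")
```

Running it shows the Basic request decoding straight back to jsmith / Passw0rd, which is why the post's warning applies to any Basic-protected directory reached over plain HTTP; the same request over an SSL-protected connection is classified differently only because the channel, not the scheme, hides the credentials.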
