Wednesday, July 21, 2010

Turning off anonymous authentication in IIS

http://support.microsoft.com/kb/308160

How to configure IIS Web site authentication
1. Use an administrative account to log on to the Web server computer.
2. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.

   The Internet Information Services snap-in starts.
3. In the console tree, click * computer name where computer name is the name of the computer.
4. Right-click one of the following items, and then click Properties:
   - To configure authentication for all Web content that is hosted on the IIS server, right-click * computer name.
   - To configure authentication for an individual Web site, right-click the Web site that you want.
   - To configure authentication for a virtual directory or a physical directory in a Web site, click the Web site that you want, and then right-click the directory that you want, such as _vti_pvt.
   - To configure authentication for an individual page or file in a Web site, click the Web site that you want, click the folder that contains the file or the page that you want, and then right-click the file or the page that you want.
5. On the Item Name Properties dialog box where Item Name is the name of the item that you selected, click the Directory Security tab.

   NOTE: If the selected item is an individual file, click the File Security tab.
6. Under Anonymous access and authentication control, click Edit.
7. Click to select the Anonymous access check box to turn on anonymous access. To turn off anonymous access, click to clear this check box.

   NOTE: If you turn off anonymous access, you need to configure some form of authenticated access.
8. To change the account that is used for anonymous access to this resource, click Edit next to Account used for anonymous access.
9. In the Anonymous User Account dialog box, click the user account that you want to use for anonymous access.
10. Click to clear the Allow IIS to control password check box if you want to use the Windows LogonUser() API for user authentication.

    NOTE: Turning this password control option off forces IIS to use normal authentication and to log the account on locally. You should turn this option off if users experience difficulty accessing resources such as files or Microsoft Access databases on a network computer.
11. Click OK.
12. Under Authenticated access, click to select the Basic authentication (password is sent in clear text) check box to turn on basic authentication. When you receive the following message, click Yes:

    The authentication option you have selected results in passwords being transmitted over the network without data encryption. Someone attempting to compromise your system security could use a protocol analyzer to examine user passwords during the authentication process. For more detail on user authentication, consult the online help. This warning does not apply to HTTPS (or SSL) connections.

    Are you sure you want to continue?
13. To select a domain with which to authenticate users that are using basic authentication, click Edit next to Select a default domain.
14. Type the domain that you want in the Domain Name box, and then click OK.

    NOTE: If you are concerned about security on your intranet because Basic Authentication transmits user name and password information in clear text, you can use Basic authentication together with Secure Sockets Layer (SSL).
15. Click to select the Digest authentication for Windows domain servers check box to use digest authentication. When you receive the following message, click Yes:

    Digest authentication works with Windows 2000 domain accounts only and requires the accounts to store passwords as encrypted clear text.

    Are you sure you wish to continue?

    NOTE: You must configure user accounts with the Store password using reversible encryption account option turned on.
16. Click to select the Integrated Windows authentication check box to use integrated Windows authentication.

    NOTE: This authentication method was formerly known as Microsoft Windows NT Challenge/Response or NT LAN Manager (NTLM).
17. Click OK, and then in the Item Name Properties dialog box, click OK. If the Inheritance Overrides dialog box opens:
    a. Click Select All to apply the new authentication settings to all of the files or the folders that are within the item that you changed.
    b. Click OK.
18. Quit Internet Information Services.
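
To review the result of these steps across many sites or directories, the check boxes can be read back as the metabase AuthFlags and AccessSSLFlags values and tested against the notes above. The following is an added example, not part of the Microsoft article; the function names, the sample paths and the sample flag values are constructed for illustration.

```python
# Added example: audit IIS authentication flags against the notes in the steps above.
# Bit values are those of the IIS metabase AuthFlags / AccessSSLFlags properties.
AUTH_ANONYMOUS = 0x01  # "Anonymous access" check box
AUTH_BASIC = 0x02      # "Basic authentication (password is sent in clear text)"
AUTH_NTLM = 0x04       # "Integrated Windows authentication"
AUTH_MD5 = 0x10        # "Digest authentication for Windows domain servers"
ACCESS_SSL = 0x08      # AccessSSLFlags bit: a secure channel (SSL) is required
AUTHENTICATED = AUTH_BASIC | AUTH_NTLM | AUTH_MD5


def enabled_methods(auth_flags):
    """Names of the check boxes that are selected for this AuthFlags value."""
    boxes = [(AUTH_ANONYMOUS, "Anonymous"), (AUTH_BASIC, "Basic"),
             (AUTH_MD5, "Digest"), (AUTH_NTLM, "Integrated Windows")]
    return [name for bit, name in boxes if auth_flags & bit]


def audit(auth_flags, ssl_flags=0):
    """Return the findings that apply to one site, directory or file."""
    findings = []
    if auth_flags & AUTH_ANONYMOUS:
        findings.append("anonymous access is on")
    elif not auth_flags & AUTHENTICATED:
        findings.append("anonymous access is off and no authenticated access is configured")
    if auth_flags & AUTH_BASIC and not ssl_flags & ACCESS_SSL:
        findings.append("Basic authentication without required SSL sends passwords in clear text")
    if auth_flags & AUTH_MD5:
        findings.append("Digest authentication needs accounts that store passwords using reversible encryption")
    return findings


# Constructed sample values (hypothetical metabase paths), not taken from a real server.
SAMPLE_NODES = [
    ("W3SVC/1/Root", 0x05, 0x00),           # Anonymous + Integrated Windows
    ("W3SVC/1/Root/_vti_pvt", 0x02, 0x00),  # Basic only, SSL not required
    ("W3SVC/1/Root/reports", 0x06, 0x08),   # Basic + Integrated, SSL required
    ("W3SVC/1/Root/archive", 0x00, 0x00),   # nothing selected
]


def report(nodes):
    """Map each path to its findings so the result can be reviewed or diffed."""
    return {path: audit(auth, ssl) for path, auth, ssl in nodes}


if __name__ == "__main__":
    for path, auth, ssl in SAMPLE_NODES:
        print(path, enabled_methods(auth) or ["none"], audit(auth, ssl) or ["ok"])
```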
