Authentication - IIS Basic Authentication
written and ©1998, 99 by Kevin Flick www.flicks.com creator of Authentix

IIS Basic Authentication is included as an option when you set up each IIS directory. Any directory you want to protect must be on an NTFS partition.

IIS Basic Authentication is the way to go if you accept the need for SSL and don't mind paying the performance penalty. It suits you if you already have a certificate, or you don't mind paying for one and setting it up.

You won't want to use IIS Basic Authentication if you are concerned about the security of your NT accounts and performance. IIS calls LogonUser and ImpersonateLoggedOnUser for each and every request, which is expensive in terms of CPU cycles.

Definitions

  • SSL = Secure Socket Layer.

How to set up IIS Basic Authentication

Setting up IIS Basic Authentication is similar to setting up NTCR (Windows NT Challenge/Response).

  • In Internet Service Manager (IIS1-3) or the Microsoft Management Console for IIS (IIS4 and up) select the directory you want to protect. Turn on Basic (Clear Text) and turn off Windows NT Challenge Response. It is OK to leave Allow Anonymous on.
  • When you select Basic (Clear Text) you will be warned that your Windows NT usernames and passwords will be transmitted without being encrypted. For your NT accounts this is a pretty serious issue. You should only consider this option in combination with SSL, which is slow and requires you to buy a certificate from Verisign or Thawte (among others).
  • Create an account for each user to whom you want to give access, remove the permissions for "IUSR_machinename" from the directory, and add permissions for the users you added.
    Alternatively you could set up a group, permit access to that group, and add permitted users to that group.
    Remember the user will need execute rights if the directory has any ASP, ISAPI extensions, counters etc.
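
The warning about Basic (Clear Text) can be made concrete: the browser sends the NT username and password in an `Authorization: Basic` header that is only Base64-encoded, so anyone who can read the request can read the account. The following is an added example, not code from the original lesson; it decodes that header and flags requests that carried it without SSL. The request records, paths and account names are constructed for illustration.

```python
import base64
import binascii

def decode_basic(header_value):
    """Return (domain, user, password) from an Authorization header value, else None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None  # malformed token
    # latin-1 maps every byte to a character, so decoding cannot fail
    userid, sep, password = raw.decode("latin-1").partition(":")
    if not sep:
        return None  # no colon, so not a user-id:password pair
    # NT accounts may be sent as DOMAIN\user; the password may itself contain ':'
    domain, _, user = userid.rpartition("\\")
    return domain, user, password

def audit(requests):
    """List (path, domain, user) for requests that sent Basic credentials without SSL."""
    findings = []
    for req in requests:
        creds = decode_basic(req["headers"].get("Authorization", ""))
        if creds and req["scheme"] != "https":
            findings.append((req["path"], creds[0], creds[1]))  # never record the password
    return findings

def _basic(userpass):
    """Build the header value a browser would send (helper for the sample data)."""
    return "Basic " + base64.b64encode(userpass.encode("latin-1")).decode("ascii")

# Constructed sample requests (hypothetical paths and accounts, not from the original page)
SAMPLE = [
    {"scheme": "http", "path": "/members/default.asp",
     "headers": {"Authorization": _basic("CORP\\alice:pa:ss")}},
    {"scheme": "https", "path": "/members/default.asp",
     "headers": {"Authorization": _basic("CORP\\bob:hunter2")}},
    {"scheme": "http", "path": "/public/index.asp", "headers": {}},
]

if __name__ == "__main__":
    for path, domain, user in audit(SAMPLE):
        print(f"cleartext Basic credentials: {domain}\\{user} on {path}")
```

Only the first sample request is reported: the second used SSL and the third was anonymous.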