Enabling Windows NT Challenge/Response Authentication

You can configure the Windows NT Challenge/Response authentication feature to verify a user's identity before granting access to Web sites, files, or directories. Windows NT Challenge/Response authentication uses a cryptographic technique for authenticating users, and does not require the transmission actual passwords across the network. For more information, see About Authentication.

Enabling Windows NT Challenge/Response authentication does not automatically configure your Web server to authenticate users. Authentication will occur only under the following circumstances:

• Anonymous access is disabled.
• Anonymous access fails because the anonymous user account does not have permission to access a specific Windows NT File System (NTFS) file or resource.

Important   

• You can use Windows NT Challenge/Response authentication only if the user's browser supports this authentication method. Microsoft Internet Explorer, version 2.0 or later, is the only browser that currently supports Windows NT Challenge/Response authentication.
• When you set security properties for a specific Web site, you automatically set the same security properties for directories and files belonging to that site, unless the security properties of the individual directories and files have been previously set.
• Your Web server will prompt you for permission to reset the properties of individual directories and files when you attempt to set security properties for your Web site. If you choose to reset these properties, your previous security settings will be replaced by the new settings. The same condition applies when you set security properties for a directory containing subdirectories or files with previously set security properties. For more information about setting properties, see Properties and Inheritance of Properties on Sites in About Web Sites.

1. Configure Windows NT File System (NTFS) permissions for the directory or file for which you want control access. Add the name of the user account or group, and then set the type of access. For more information, see Setting Access Permissions for a Directory or File.
2. In Internet Service Manager, select the directory or file, and open its property sheets. (If you have configured NTFS permissions for a directory corresponding to a Web site, then select that Web site and open its property sheets.)
3. Select the Directory Security or File Security property sheet. Under Anonymous Access and Authentication Control, click Edit.
4. In the Authentication Methods dialog box, select the Windows NT Challenge/Response check box.

Note   

• Your server will not switch to another authentication method if the user is initially denied access.
• WindowsáNT Challenge/Response authentication takes precedence over Basic authentication. This means that if the user's Web browser supports both authentication methods, the browser will use WindowsáNT Challenge/Response authentication.


5. Click OK.

© 1997 by Microsoft Corporation. All rights reserved.