Access Methods

Access Methods

To prevent unauthorized users from establishing a Web (HTTP) connection to restricted content, you can configure your Web server to identify, or authenticate, users. The authentication process involves determining whether a user has a valid Windows NT user account that has appropriate Windows NT File System (NTFS) permissions for accessing a particular Web site, directory, or file.

Allow Anonymous

Typically, all users attempting to establish a Web (HTTP) connection with your Web server should log on as anonymous users. When a user establishes an anonymous connection, your server will log on the user with an anonymous or guest account, which is a valid Windows NT user account. This account has security restrictions that limit the type of Web content that anonymous users can access.

Set the Windows NT user account to use for all anonymous connections. This account has security restrictions, determined by your Windows NT Files System (NTFS) permissions, that limit the type of Web content anonymous users can access.

By default, Internet Information Server creates and uses the account IUSR_computername. When you installed your Web server, Setup created the account IUSR_computername in Windows NT User Manager for Domains and in Internet Service Manager.

The IUSR_computername is granted Log on Locally user rights by default. This right is necessary if you want to grant anonymous logon access to your site. For more information, consult your Web server security documentation.

Basic Authentication

Select this check box to enable your Web server æs Basic authentication method, which is a widely used, industry standard method for identifying users.

Your Web server will only use Basic Authentication under the following conditions:

Anonymous access disabled.
Anonymous access denied because Windows NT permission have been set, requiring the users to provide a Windows NT user name and password before establishing a connection with restricted content.

During the Basic authentication process, the userÆs Web browser will prompt the user to enter a valid Windows NT account user name and password.

Warning

The Basic authentication process results in the transmission of passwords across the network in an unencrypted form. A determined computer vandal, equipped with a network monitoring tool, could intercept user names and passwords.

Edit

Users attempting to establish a connection with the Basic authentication method must specify their logon domain. However, you can select this check box to specify a default logon domain for users who do not explicitly specify their domain.

Windows NT Challenge/Response When this check box is selected, you enable your Web serverÆs Windows NT Challenge/Response authentication methods. Microsoft Internet Explorer, version 2.0 or later, is the only Web browser that currently supports this authentication method.

Once enabled, your Web server will only use Windows NT Challenge/Response authentication under the following conditions:

Anonymous access disabled.
Anonymous access denied because Windows NT permission have been set, requiring the users to provide a Windows NT user name and password before establishing a connection with restricted content.

During the Windows NT Challenge/Response authentication process, your Web server engages in a cryptographic information exchange with the userÆs Internet Explorer Web browser. The userÆs Web browser does not send actual Windows NT account password information across the network.