in IIS versions? I am wondering what effect of setting in w...">
Geek Answers Handbook

What is the effect of <authentication mode = "windows"> in IIS versions?

I am wondering what effect of setting <authentication mode="windows"> in web.config is in another version of IIS.

I believe that in IIS 5 this has practically no effect, since all this is integrated and controlled by the web server.

In IIS 6 and 7, I believe that I can configure the web server for anonymous access, and then each hosted web application can, in turn, determine whether it wants to use Windows authentication by setting the mode. In other words, web.config manages ASP.NET in these versions of IIS and overrides the server.

I am looking for white paper or some kind of link that will support this not only as my observational experience

+6
web-config iis-7 windows-authentication iis-6 iis-5
source share
2 answers

As far as I know, there were few changes between 5 and 6 in terms of security. However, IIS 7 has undergone a major overhaul and is slightly different from IIS 6 (but IIS 7 allows you to work in "compatibility" mode, so your applications will behave almost the same as in IIS 5 and 6).

There are some useful articles that can help:

0
source share

IIS 5 is also deprecated (Windows XP will die next year). There is little point in discussing further details about this, although your understanding is not correct, as far as I remember.

This parameter alone determines how the ASP.NET framework interprets the local user token passed by IIS (because IIS authenticates in advance using its authentication providers). Thus, for IIS 6/7/8, when you install this on the ASP.NET side, you need to carefully check what is the appropriate setting on the IIS side.

For example, when the IIS side uses anonymous / (integrated) Windows / Basic / Digest authentication, various types of user tokens will be transferred to ASP.NET.

http://msdn.microsoft.com/en-us/library/907hb5w9(v=vs.100).aspx

Therefore, your understanding β€œI can configure the web server for anonymous access, and then each hosted web application can in turn determine whether it wants to use Windows authentication by setting the mode toβ€œ incorrect. "If you intend to use Windows authentication for authentication client authentication, you must set it both on the IIS side and on the ASP.NET side. Starting with IIS 7, IIS Manager sets these parameters in the same place, but you still need to fully understand their differences and relationships.

For more information about ASP.NET authentication, you can refer to http://msdn.microsoft.com/en-us/library/eeyk640h(v=vs.100).aspx

0
source share

More articles:


All Articles