Windows Authentication

[thomson]

Hi all,
I do have Windows Authentication in My Web application, and in
the IIS i have enabled anonymous authentication,


So it means that any user logging in will use the ASPNET user
account credentials to browse the web application.

Is there any other impact, does it mean that the user should be in
the active directory, or any user from any network can browse the
application


Regards

thomson

 

[Leon Mayne [MVP]]

Hi all,
I do have Windows Authentication in My Web application, and in
the IIS i have enabled anonymous authentication,

So it means that any user logging in will use the ASPNET user
account credentials to browse the web application.

Is there any other impact, does it mean that the user should be in
the active directory, or any user from any network can browse the
application

If you have anonymous access set in IIS and you haven't set any
authentication / authorisation options in your web.config then anyone will
be able to access the site, and yes, they will be running in the context of
the ASPNET account, which is a local account.

 

[thomson]

Hi Leon,

So if we have enabled anonymous authentication, you dont
have to be in a windows network, anybody from outside will be able to
access the application


Regards

thomson

 

[Leon Mayne [MVP]]

Hi Leon,

So if we have enabled anonymous authentication, you dont
have to be in a windows network, anybody from outside will be able to
access the application

If the machine is visible to the world through your network (e.g. through
your firewall) and you haven't set any IP restrictions in IIS, and you have
the underlying file permissions set so that the internet guest account /
ASPNET account can read the files then yes. Try using an external browser to
see if you can access it like http://anonymouse.org/