Windows Authentication

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • thomson
    #1

    Windows Authentication

    Hi all,
    I do have Windows Authentication in My Web application, and in
    the IIS i have enabled anonymous authentication,


    So it means that any user logging in will use the ASPNET user
    account credentials to browse the web application.

    Is there any other impact, does it mean that the user should be in
    the active directory, or any user from any network can browse the
    application


    Regards

    thomson

    Tags: None
    • Leon Mayne [MVP]
      #2
      Re: Windows Authentication

      thomson wrote:[color=blue]
      > Hi all,
      > I do have Windows Authentication in My Web application, and in
      > the IIS i have enabled anonymous authentication,
      >
      > So it means that any user logging in will use the ASPNET user
      > account credentials to browse the web application.
      >
      > Is there any other impact, does it mean that the user should be in
      > the active directory, or any user from any network can browse the
      > application[/color]

      If you have anonymous access set in IIS and you haven't set any
      authentication / authorisation options in your web.config then anyone will
      be able to access the site, and yes, they will be running in the context of
      the ASPNET account, which is a local account.


        Comment

        • thomson
          #3
          Re: Windows Authentication

          Hi Leon,

          So if we have enabled anonymous authentication, you dont
          have to be in a windows network, anybody from outside will be able to
          access the application


          Regards

          thomson


          Leon Mayne [MVP] wrote:[color=blue]
          > thomson wrote:[color=green]
          > > Hi all,
          > > I do have Windows Authentication in My Web application, and in
          > > the IIS i have enabled anonymous authentication,
          > >
          > > So it means that any user logging in will use the ASPNET user
          > > account credentials to browse the web application.
          > >
          > > Is there any other impact, does it mean that the user should be in
          > > the active directory, or any user from any network can browse the
          > > application[/color]
          >
          > If you have anonymous access set in IIS and you haven't set any
          > authentication / authorisation options in your web.config then anyone will
          > be able to access the site, and yes, they will be running in the context of
          > the ASPNET account, which is a local account.[/color]

            Comment

            • Leon Mayne [MVP]
              #4
              Re: Windows Authentication

              thomson wrote:[color=blue]
              > Hi Leon,
              >
              > So if we have enabled anonymous authentication, you dont
              > have to be in a windows network, anybody from outside will be able to
              > access the application[/color]

              If the machine is visible to the world through your network (e.g. through
              your firewall) and you haven't set any IP restrictions in IIS, and you have
              the underlying file permissions set so that the internet guest account /
              ASPNET account can read the files then yes. Try using an external browser to
              see if you can access it like http://anonymouse.org/


                Comment

                Previous template Next
                Working...