[thelist] Native website authentication - IIS 5

Ken Schaefer ken at adOpenStatic.com
Fri Oct 31 18:43:51 CST 2003

From: "Tab Alleman" <Tab.Alleman at MetroGuide.com>
Subject: [thelist] Native website authentication - IIS 5

: I googled, and just got soooooooo many results..
: Can anyone recommend a GOOD tutorial on implementing
: native website authentication in IIS 5?
: I pretty much just need to learn how to:

Native Authentication? You mean authenticating using Windows
usernames/passwords? If so, in the IIS Manager, uncheck "Allow Anonymous
Authentication", and enable one or more of the other options. Integrated
Windows Authentication only works for IE clients. Basic works for almost all
clients, but is relatively insecure (ie consider using SSL as well).

If you wish to then restrict who can view the sites (i.e who's authorised,
remove the Everyone (RX) NTFS permissions from the actual physical files,
create your own group, put the allowed users into it, and give that group RX

: Turn it on for certain websites and set options like session timeout;
: Use ASP to access user variables (mainly the UserID).

Authentication method can be set on a file-by-file (or folder-by-folder)
basis. Session Timeout can be set via the IIS MMC Snapin on a web
application by web application basis - again this is in the IIS MMC Snapin.

Start -> Settings -> Control Panel -> Admin Tools -> IIS Manger -> Website,
right-click properties -> Home Dirctory -> Configuration -> App Options

To get User Id, use something like Request.ServerVariables("Auth_User")

All Request.ServerVariables:


Microsoft MVP - Windows Server (IIS)

More information about the thelist mailing list