Microsoft Internet Information Server (IIS) provides security features that are fully integrated with Windows. IIS can be configured to authenticate, or determine a user's Windows user account identity, before allowing that user to establish a network connection with the server. This identification process is commonly called authentication. Authentication, like many of the features in IIS, can be set at the web site, directory, or file level. With the authentication options offered by IIS, an authentication method can be chosen that meets both the security requirements and the capabilities of the user's web browser.
Five methods of authentication are supported that confirm the identity of anyone requesting access to a web site. These methods can be used to grant access to public areas of a site, while preventing unauthorized access to the site's private files and directories. User authentication occurs only when anonymous access is disabled, or when NTFS permissions require users to identify themselves with a valid Windows user account user name and password. Anonymous authentication gives users access to your web site without prompting them for a user name or password.
Note: For more information about anonymous access refer to Understanding Anonymous Access and the ISUR Account (TechNote 15378).