Problem solve Get help with specific problems with your technologies, process and projects.

How to implement IIS authentication settings

In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin reviews how to set IIS authentication permissions and allow open access to Web sites hosted on the server.

I have installed a standalone IIS server on a Windows 2000 system. How can I switch off the authentication window that pops up on a remote computer when trying to access the page?
This depends on what you're trying to do. If you want to allow open access to a Web site hosted on your Internet Information Services ( IIS), you'll need to check two settings on the server to see which is blocking the site.

There are two levels of authentication for an IIS server hosted on Windows 2000: Web authentication and New Technology File System (NTFS) permissions.

IIS authentication is set through the Internet Service Manager (ISM), which can be accessed from the server's Administrative Tools menu. Under the Directory Security tab, there are a variety of authentication options that can be checked off. These include options for Basic Authentication, Digest Authentication, as well as Integrated Windows Authentication.

The ISM allows more than one type of authentication to be selected. The pop-up window you describe could be a Basic or Digest authentication window, so make sure these two options are deselected.

The other reason for the authentication window issue could be that the NTFS permissions in the server's root directory may have been set to restrict access. This directory is usually located here: C:Inetpubwwwroot. If you want to remove any logon windows or have open access, go to this location and check the Everyone box; this will allow anyone to have free access to the directory.

From the perspective of the Windows 2000 machine itself, these Web server directories are just like any other directory on the server and can be configured separately.

More information:

  • Michael Cobb explains how to create access rules and configure IIS server permissions.
  • Using a different Web server? Learn some non-IIS best practices.
  • This was last published in March 2007

    Dig Deeper on Web application and API security best practices

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.