authentication. Integrated Windows Authentication is only used if Anonymous access is disabled or
denied as a result of NTFS permissions restrictions but is not supported over Proxy server connections.
• .NET Passport Authentication, which uses .NET passports to authenticate Web users. This is a single
sign-on mechanism. The incoming HTTP requests must have the passport credentials inside the query
string or as a cookie value. A hacker might compromise the cookie and expose the user to malicious
attacks. Therefore, Microsoft recommends that you implement .NET Passport Authentication over
IIS 6.0 provides a number of authentication methods that you can use to control access to you web sites and
FTP sites. These authentication methods are:
• Anonymous access, which enables the users to access the site without explicitly logging on. IIS will
impersonate the IUSR_<computer_name> account to execute scripts in this instance.
• Basic Authentication, which is a part of the HTTP 1.0 specification. It sends passwords over networks
in Base64-encoded format. The Basic Authentication method is an industry-standard method for
collecting user name and password information. Because Basic Authentication transmits passwords in an
unencrypted form it is not recommended unless you can secure the connection between the user and your
• Digest Authentication, which offers the same features as Basic Authentication but uses the hashing
method for transmitting the authentication credentials. Digest Authentication is structured to be usable
across proxy servers and other firewall applications. As Digest Authentication is a new feature of HTTP
1.1 it is not supported on all browsers. If a non-compliant browser makes a request on a server that
requires Digest Authentication, the server will reject the request and send the client an error message.
• Integrated Windows Authentication, which provides NTLM authentication for older versions of
Internet Explorer 3.0 that use it to cryptographically authenticate with IIS. Integrated Windows
Authentication also provides Web sites and new versions of Internet Explorer with Kerberos v5