Whether you’re building a Web site for a company intranet or a commercial server for Internet commerce, the first step in securing your Web application is to understand the relationship of Windows NT and Internet Information Server (IIS) security processes.
The following flowchart provides an overview of how these security features interact:
Note Active Server Pages often provide data access to a SQL Server database. SQL Server adds another level of complexity to implementing security with IIS. For more information on data access security using SQL Server, see the following topics in this chapter: Security and SQL Server.
To understand how Windows NT Security and IIS interact with one another, it’s important to realize the true nature of IIS. IIS is simply a tool for providing files to browsers requesting them. Since any interaction with a Windows NT machine requires an authentication security check, it follows that each request for a Web page triggers user authentication.
The available IIS user authentication methods and how they affect integration with your Windows NT network are discussed in the following topics, presented in this section:
Tip The Microsoft Management Console (MMC) is an extensible, common console framework for management applications. For more information on using MMC to configure and manage Internet Information Server, search for "Microsoft Management Console" in Internet Information Server Help. For more information on creating MMC components, search for "Microsoft Management Console" in MSDN Library Visual Studio 6.0.