Security

Previous Topic Next Topic

IIS 5.0 Authentication Modes

All users must be authenticated before they can gain access to resources in IIS 5.0. Each HTTP request from a browser runs on IIS 5.0 in the security context of a user account on the Windows operating system. IIS 5.0 executes the request in a thread that impersonates the user’s security context. An application, such as IIS 5.0, can have many simultaneous threads of execution internally, each acting on behalf of different users.

The operations that are performed during the execution of the HTTP request are limited by the capabilities granted to that user account in Windows. The user account needs to be created either on the IIS 5.0 server or in a domain of which the server running IIS 5.0 is a member. The latter is more common in intranet applications.

IIS 5.0 supports five Web authentication models:

There are also two FTP authentication models:

Before looking at each authentication scheme in detail, an explanation of Web authentication is necessary.

See the following:


© 1997-1999 Microsoft Corporation. All rights reserved.