Security

Previous Topic Next Topic

Not Allowing IIS to Control the Anonymous Password

When the password control option is not enabled, IIS 5.0 calls the LogonUser() Application Programming Interface (API) in Windows to log on the account. IIS passes in the user name and password configured by the administrator. If this matches the user name and password set up in Windows User Manager, the account is successfully logged on, the security token is cached by IIS 5.0, and the account is impersonated.


© 1997-1999 Microsoft Corporation. All rights reserved.