Security |
When the password control option is not enabled, IIS 5.0 calls the LogonUser() Application Programming Interface (API) in Windows to log on the account. IIS passes in the user name and password configured by the administrator. If this matches the user name and password set up in Windows User Manager, the account is successfully logged on, the security token is cached by IIS 5.0, and the account is impersonated.