Microsoft Home Microsoft Home
Microsoft FrontPage Server Extensions Resource Kit logo  Microsoft FrontPage 2000 Server Extensions Resource Kit

Security on Windows NT

 3 of 9     How IIS Authenticates HTTP Requests

When IIS receives an HTTP request from a Web browser or from the FrontPage client, it does the following:

  1. The request is first attempted as the anonymous account, IUSR_machinename. If that account does not have sufficient access to complete the request, or if IIS does not have anonymous browsing enabled, then IIS returns error 401 ("Access Denied").
  2. IIS then performs user authentication to allow the remote user to identify himself or herself using Basic Authentication or Windows NT Challenge/Response. If the Web browser or FrontPage client is using Windows NT Challenge/Response, the user may not see a prompt, because the FrontPage client or the Web browser simply supplies the user name and password of the logged-in user from the client computer.
  3. IIS allows access to a file in the Web server only if the NTFS ACL for the file grants the correct permissions to the account being impersonated by the Web server.

 

 Security section art
Overview               
Security                 
  Introduction
  Security on
  Windows NT
  Security on UNIX
Setup                     
Administration      
Appendixes           
Index                    

   
 
  Last Updated November 1998
©1998 Microsoft Corporation. All rights reserved. Terms of Use.