CDFx
asked on
Unchecked "Allow IIS to control password" brings up login prompt for anon users.
Hi,
I'm using IIS5.1 on Windows XP Pro.
I need to have a specific password set for the IUSR_MachineName user. But whenever I uncheck the checkbox "Allow IIS to control password" (under Anonymous access) and set a password in the password field, anonymous users (ie: internet users, anon network users) get a login prompt when they visit my site.
How can I set a password for IUSR_MachineName, but also allow access to anonymous users without showing a login prompt.
Any help is appreciated. I can always increase the points to.
Regards,
Craig.
I'm using IIS5.1 on Windows XP Pro.
I need to have a specific password set for the IUSR_MachineName user. But whenever I uncheck the checkbox "Allow IIS to control password" (under Anonymous access) and set a password in the password field, anonymous users (ie: internet users, anon network users) get a login prompt when they visit my site.
How can I set a password for IUSR_MachineName, but also allow access to anonymous users without showing a login prompt.
Any help is appreciated. I can always increase the points to.
Regards,
Craig.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Actually if you do this the IUSR account will not use *any* password. When you allow IIS to control the password you actually enable a process called IIS SubAuthentication where inetinfo.exe effectively generates a token that tells the lcoal machine that this is the IUSR account and should be trusted as such. If you try to pass this credential to another machine it will show up as NT AUTHORITY/ANNONYMOUS which means no credentials were sent (not that the Anonymous account was used...).
If you need to use the IUSR account and have credentials passed to another machine you *must* manually specify them in both the Metabase and in Users and Groups. If you set 'Allow IIS to Control Password' it doesn't matter what the password is on the system since it isn't used.
(Took me about 18 months to realize this....) :-)
Dave Dietz
If you need to use the IUSR account and have credentials passed to another machine you *must* manually specify them in both the Metabase and in Users and Groups. If you set 'Allow IIS to Control Password' it doesn't matter what the password is on the system since it isn't used.
(Took me about 18 months to realize this....) :-)
Dave Dietz
an interesting and very subtle difference. i can see how it would cause some rather unexpected resuts if one were to go down that path.
cheers.
cheers.
if you need iusr to have a specific password, i'd suggest that you leave 'allow iis to control password' checked, and just change it at the local users & groups control.
(which i think is what dave is saying anyway)
cheers.