We help IT Professionals succeed at work.

why authentication is needed for a created site

myship used Ask the Experts™
please go to

adn you will get a popup to login. now the login works when i enter the admin username and pass

however, i want it to work without authentication.

i created the new site on iis 6 win 2003

i guess somewhere i am missing permissions or sth

thanks in advance.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®


adding the administrator in the security tab authentication worked.
it was already enabled which was confusing.

but i have a question.

since i added the administrator to be used would that be a security thread somehow?

and is there a better user that can be used?

so far it shouldn't be  issue,, but always try to monitor the your website for external access
Tray896SharePoint Engineer

It sounds to me like you said that you setup the local admin account as the anonymous user account for your website.  This is a very bad idea from a security perspective.  It means that every user hitting your site is running in a context that has administrator privileges on the server.  

What you should do is go to directory security and edit the anonymous user account.  Set it to the IUSR_Machinename local account.  You'll then need to make sure that IUSR account has at least read NTFS permissions to your content.  This is a much better approach than setting the local admin as the anonymous user.


well the issue is that when i create the site the IUSR_myexpressship is already there and it gives me that popup to login.

its not until i set the admin as anonymous that the site did not require the user to login.

other sites on the server use the same user: IUSR_myexpressship  but it does not require the login.

so how can i use IUSR_myexpressship  as the anon. login



i am using iis 6

in the directory security tab, when you click on edit anonymous access
you will get a new window and at the bottom half it says:

For the following authentication methods, user name and password are required when:
- anonymous access is disabled, or
- access is restricted using NTFS access control lists

so since anonymous  access is enabled and the IUSR_ user is added, maybe its the second option.

how can i check the second option?