We help IT Professionals succeed at work.

why authentication is needed for a created site

myship
myship used Ask the Experts™
on
please go to
http://demo.myexpressship.com/

adn you will get a popup to login. now the login works when i enter the admin username and pass

however, i want it to work without authentication.

i created the new site on iis 6 win 2003

i guess somewhere i am missing permissions or sth

thanks in advance.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Author

Commented:
adding the administrator in the security tab authentication worked.
it was already enabled which was confusing.


but i have a question.

since i added the administrator to be used would that be a security thread somehow?

and is there a better user that can be used?

thanks.
so far it shouldn't be  issue,, but always try to monitor the your website for external access
Tray896SharePoint Engineer

Commented:
It sounds to me like you said that you setup the local admin account as the anonymous user account for your website.  This is a very bad idea from a security perspective.  It means that every user hitting your site is running in a context that has administrator privileges on the server.  

What you should do is go to directory security and edit the anonymous user account.  Set it to the IUSR_Machinename local account.  You'll then need to make sure that IUSR account has at least read NTFS permissions to your content.  This is a much better approach than setting the local admin as the anonymous user.

Author

Commented:
well the issue is that when i create the site the IUSR_myexpressship is already there and it gives me that popup to login.

its not until i set the admin as anonymous that the site did not require the user to login.

other sites on the server use the same user: IUSR_myexpressship  but it does not require the login.

so how can i use IUSR_myexpressship  as the anon. login

thanks,

Author

Commented:
i am using iis 6

in the directory security tab, when you click on edit anonymous access
you will get a new window and at the bottom half it says:

For the following authentication methods, user name and password are required when:
- anonymous access is disabled, or
- access is restricted using NTFS access control lists

so since anonymous  access is enabled and the IUSR_ user is added, maybe its the second option.

how can i check the second option?

thanks.

Author

Commented:
thanks.