We help IT Professionals succeed at work.

IIS: restrict access via  AD security groups


How do I restrict website (IIS) access to certain AD security groups only.

Watch Question

Technical Consultant
Distinguished Expert 2019
Remove anonymous and basic authentication then enable (Windows Integrated Authentication)

Windows Integrated authentication is more secure than basic authentication, and it functions well in an intranet environment where users have Windows domain accounts. In integrated Windows authentication, the browser tries to use the current user's credentials from a domain logon, and if this attempt is unsuccessful, the user is prompted to enter a user name and password. If you use integrated Windows authentication, the user's password is not transmitted to the server. If the user has logged on to the local computer as a domain user, the user does not have to authenticate again when the user accesses a network computer in that domain. Note that you must use Microsoft Internet Explorer 2.0 or later as your Web browser if you are using Windows Integrated authentication.

Note: You cannot use integrated Windows authentication through a proxy server.
More Info: https://support.microsoft.com/en-us/help/324276/how-to-configure-internet-information-services-web-authentication-in-w

Here is good guide on setting it up


Explore More ContentExplore courses, solutions, and other research materials related to this topic.