Wednesday, October 3, 2012

MT Portal Security

Ok, questions recently came up about why the MT Portal virtual directory in IIS was set to "Allow Anonymous" access.  After doing a little research, here's the email response I came up with.


MT uses forms authentication, and therefore does not rely on IIS authentication. This is why IIS is set to allow Anonymous Access; it is an accepted practice.

http://msdn.microsoft.com/en-us/library/ff647070.aspx

I found some other links that are worth checking out:






In addition to relying on the authentication capabilities of IIS, you can perform authentication in ASP.NET. When considering ASP.NET authentication, you should understand the interaction with IIS authentication services.

IIS assumes that a set of credentials maps to a Microsoft Windows NT account and that it should use those credentials to authenticate a user. The authentication methods used in IIS 7 are the following: anonymous, ASP.NET impersonation, basic, client certificate mapping, digest, forms, and Windows Integrated Security (NTLM or Kerberos). You can select the type of authentication by using IIS administrative services. For information, see Configuring Authentication in IIS 7.

If users request a URL that maps to an ASP.NET application, the request and authentication information are handed off to the application. ASP.NET provides forms authentication. Forms authentication is a system by which unauthenticated requests are redirected to an ASP.NET Web page that you create. The user provides credentials and submits the page. If your application authenticates the request, the system issues an authentication ticket in a cookie that contains the credentials or a key for reacquiring the identity. Subsequent requests include an authentication ticket with the request.

NOTE: ASP.NET membership and ASP.NET login controls implicitly work with forms authentication.
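With IIS set to anonymous, the only thing keeping unauthenticated requests out is the application's own `web.config`. The following Python check is an added example, not part of the original email or of MT's code: it audits a `web.config` for Forms mode, a ticket cookie limited to HTTPS, a `<deny users="?"/>` rule that is reached before any allow rule, and `<location>` overrides that reopen a path. Both config strings are constructed samples.

```python
import xml.etree.ElementTree as ET

def child(el, name):  # direct child element by tag name, or None
    return None if el is None else next((c for c in el if c.tag == name), None)

def anonymous_allowed(authz):
    """ASP.NET URL authorization: first matching rule wins; with no match the
    inherited default allow users="*" applies, so anonymous users get in."""
    for rule in (authz if authz is not None else []):
        users = {u.strip() for u in rule.get("users", "").split(",")}
        if rule.tag not in ("allow", "deny") or not users & {"?", "*"}:
            continue  # role-only / named-user rules never match anonymous
        if rule.tag == "allow":
            return True
        if not rule.get("verbs"):  # a verb-scoped deny leaves other verbs open
            return False
    return True

def audit(web_config_xml):
    """Findings for a site whose IIS virtual directory allows anonymous access."""
    root, findings = ET.fromstring(web_config_xml), []
    sw = child(root, "system.web")
    auth = child(sw, "authentication")
    forms = child(auth, "forms")
    if auth is None or auth.get("mode") != "Forms":
        findings.append("authentication mode is not Forms")
    elif forms is None or forms.get("requireSSL", "false").lower() != "true":
        findings.append("forms ticket cookie not limited to HTTPS (requireSSL)")
    if anonymous_allowed(child(sw, "authorization")):
        findings.append("site root admits anonymous users")
    for loc in (c for c in root if c.tag == "location"):
        authz = child(child(loc, "system.web"), "authorization")
        if authz is not None and anonymous_allowed(authz):
            findings.append("location '%s' admits anonymous users" % loc.get("path"))
    return findings

# Constructed sample configs (not the MT Portal's real web.config).
WEAK = """<configuration><system.web>
  <authentication mode="Forms"><forms loginUrl="~/Login.aspx"/></authentication>
  <authorization><allow users="*"/></authorization>
</system.web></configuration>"""
HARDENED = """<configuration><system.web>
  <authentication mode="Forms"><forms loginUrl="~/Login.aspx" requireSSL="true"/></authentication>
  <authorization><deny users="?"/></authorization>
</system.web><location path="Content"><system.web>
  <authorization><allow users="*"/></authorization>
</system.web></location></configuration>"""
if __name__ == "__main__":
    print({"WEAK": audit(WEAK), "HARDENED": audit(HARDENED)})
```

A `<location>` finding is a review item, not necessarily a defect: static content and the login page itself usually have to be reachable before sign-in.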
