IIS Authentication
ASP.NET authentication is a two-step
process. First, Internet Information Services (IIS) authenticates the user and
creates a Windows token to represent the user. IIS determines the
authentication mode that it should use for a particular application by looking
at IIS metabase settings. If IIS is configured to use anonymous authentication,
a token for the IUSR_MACHINE account is generated and used to represent the
anonymous user. IIS-then passes the token to ASP.NET.
Second, ASP.NET performs its own
authentication. The authentication method used is specified by the mode
attribute of the authentication element. The following authentication
configuration specifies that ASP.NET uses the FormsAuthenticationModule
class:
<authentication mode="Forms" />
Note Because forms
authentication does not rely on IIS authentication, you should configure
anonymous access for your application in IIS if you intend to use forms
authentication in your ASP.NET application.
No comments:
Post a Comment