anonymous access AND integrated windows authentication enabled on IIS 6.0 serverproblem. -- iis security

(tnishikawa NO[at]SPAM nsbgroup.com)
9/30/2004 1:36:10 PM

I am trouble shooting at a client site that has windows server 2003 & IIS 6. Our install sets up IIS to have anonymous access & windows authentication enabled (no other access is enabled). NTFS permissions are setup so that the anonymous user (IUSR_<machinename>) has read and execute permissions on our install folders.

When users come into the site, they are not impersonated by the anonymous user. From reading other postings, I assume the anonymous access user fails to get access to the site and so the integrated windows authentication kicks in next. What else do I need to check to ensure the anonymous access user has access? It is important for our application to have both access methods enabled and to recognize the anonymous user when users first come in.

**********************************************************************
Sent via Fuzzy Software @ http://www.fuzzysoftware.com/

Ken Schaefer
10/1/2004 8:59:35 AM

Hmmm,

a) Why do you think that the anonymous user account is not being
impersonated?
b) What account do you think is being used (for example, ASP.NET pages will
use the Web App Pool identity to access the pages)?
c) Anything in the Windows Event Logs that might help indicate why IIS is
not logging on the configured anonymous user account?

Cheers
Ken

[quoted text, click to view]

iis security : anonymous access AND integrated windows authentication enabled on IIS 6.0 serverproblem.