Let’s try to understand how anonymous access works in IIS
1. Create a simple asp page and put <%=DATE()%> in it save it as test.asp in the following location C:\Inetpub\wwwroot\TestAnonymous (Create TestAnonymous directory in C:\Inetpub\wwwroot).
2. Create a virtual directory with TestAnonymous and map it to
C:\Inetpub\wwwroot\TestAnonymous.
3. Create a user testuser using computer management.
4. Now open IIS and go to the directory security tab and click edit button in Anonymous Access frame and change user name to testuser(which we created using computer management) and give the same password that has been provided during creation of testuser, screen should look like below.
5. Make sure no other option is selected(like: Allow IIS to control password, Digest, Basic, Integrated).
6. Try to browse test.asp page, page should come on the browser.
7. Now change the password of testuser in IIS not in computer management i.e. provide wrong password in IIS.
8. Again make sure no other option is selected(like: Allow IIS to control password, Digest, Basic, Integrated).
9. Try to browse test.asp page, page should not come on the browser.
10. Now check Allow IIS to control password,Directory security tab should be like below image.
Above steps make us beleive that anonymous access user should be in sync with the user of the system.
Refer : http://support.microsoft.com/kb/216828 for more information to understand more about Allow IIS to control password.
Tuesday, June 24, 2008
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment