Text version of the video
Slides
All ASP .NET Text Articles
All ASP .NET Slides
All Dot Net and SQL Server Tutorials in English
All Dot Net and SQL Server Tutorials in Arabic
Authentication is the process of identifying users. Authorization is the process of granting access to those users based on identity. Together, authentication and authorization secures our Web application.
Authentication – Who is the User?
Authorization – What rights the user has? What resources the user can access?
Most of the public web sites, does not ask the user to enter any user name and password. But still, we will be able to access the content of these web sites. ASP.NET Web applications provide anonymous access to resources on the server. Anonymous authentication allows users to access the public areas of the web site, without prompting the users for a user name or password.
In IIS 6.0
IUSR_ComputerName is used for providing anonymous access.
In IIS 7.0
IUSR account is used for providing anonymous access.
By default anonymous authentication is enabled in IIS.
Notice, that the application pool identity is used to execute the application code. In the next video session, we will discuss about asp.net impersonation with anonymous access.
To disable anonymous authentication, click “Disable” link under actions in the right hand side panel in IIS.
To change the account that is associated with anonymous access, click “Edit” link under actions in the right hand side panel in IIS. Notice, that the default account is IUSR. This can be changed to a custom windows account or Application pool identity.
