What Is Anonymous Authentication And How To Allow Anonymous Access To Websites On IIS? Print

  • 0

What is Anonymous Authentication?

Anonymous authentication is one of the most popular methods of controlling website access, allowing anyone to access the website while preventing unauthorized users from accessing sensitive web server administrative functions and personal information. It will enable the users to view the website without being prompted for a username and password.

When a user tries to connect to a public website, the web server maps the user to his Windows user account named IUSR_computername,  where the computer name is the name of the server on which the IIS is running. IUSR_computername account is used to allow anonymous access.

When IIS is installed on the server, the IUSR_computername account is in the Windows Users group. This group has security restrictions through NTFS permissions that determine the type of content and level of access available to users on the public Internet.

IIS uses the IUSR_computername account as follows:

-> Upon receiving a page request, IIS will impersonate the IUSR_computername account before executing any code or accessing any files. IIS can impersonate the IUSR_computername account because the username and password for this account are known by IIS. 

 -> Before returning the page to the browser, IIS checks the NTFS file and directory permissions to see if the IUSR_computername account has access to the file. 

-> Once access is granted, authentication is complete, and the resource is available to the user. 

-> IIS will try to use another authentication method if access is not allowed. If nothing is selected, IIS will return an HTTP 403 Access Denied error message to the browser.

Important Note: 

-> The anonymous account must have user rights to log on locally. IIS cannot process anonymous requests if the account does not have "log on locally" permissions.

-> The IIS installation explicitly grants log-on local permission to her IUSR_computername account. 

-> Also, if the anonymous user account does not have permission to access a particular file or resource, the Web server will refuse to make an anonymous connection to that resource.

How to allow Anonymous authentication to a website in IIS?

Get best windows VPS Hosting

Below are the steps on how to allow or enable Anonymous authentication to a website from IIS.

Step 1: Open Internet Information Service (IIS) Manager.

Go to the taskbar -> Click on the Windows Start button -> Click on the Administrative Tools -> Select the Internet Information Service (IIS) Manager and double click on it to open it.

Step 2: In the Internet Information Services IIS Manager window, click on the Server name, then click on the Sites option.

Step 3: In the Site option, select the website on which you want to enable Anonymous Authentication and double-click on the Authentication option under the IIS section to open the Authentication window. Here, we have selected the website demovpstest.com as an example.

Step 4: In the Authentication window, select the Anonymous Authentication option and click on Enable option under the Actions pane on the right side of the screen.

Step 5: Once you click on it, anonymous authentication will be enabled for your website. That's all.

Get best windows VPS Hosting

Was this answer helpful?

« Back