Re: Allow IIS to Control Password

aspnetsantha — Tue, 23 Jun 2009 03:49:18 GMT

Thanks.

Re: Allow IIS to Control Password

JaroDunajsky — Mon, 22 Jun 2009 16:25:46 GMT

You must be talking about IIS5 or IIS6, are you not?

"Allow IIS to Control Password" is available for IIS5 and IIS6 in the context of anonymous authentication. If "Allow IIS to Control Password" is enabled, then tye IIS adminitrator doesn't need to store anonymous user password in the metabase (IIS configuration store). The main purpose of the feature is to simplify password management.
There is a module called iissuba.dll loaded by LSA (Local Security Authority) module on the IIS machine that allows password less logon for anonymous users. Such anonymous tokens are only good for accessing local resources.

IIS6 doesn't support the "Allow IIS to Control Password" by default due to some security concerns. Please read the following KB article http://support.microsoft.com/kb/332167

IIS7 retired the "ALlow IIS to Control Password" and introduced a built-in IUSR account for anonymous authentication.

Allow IIS to Control Password

aspnetsantha — Mon, 22 Jun 2009 13:56:07 GMT

Hi,

Can you tell me the meaning of the check box "Allow IIS to Control Password", What exactly happens when we check the check box?, also what happens in the runtime?(one thing I can understand that IIS logging the credentials supplied), I want a detailed explanation(from lower lever to higher level),Please. Thanks

IIS7 - Setup

Re: Allow IIS to Control Password

Re: Allow IIS to Control Password

Allow IIS to Control Password