
Answered Thread: Allow IIS to Control Password

Last post 06-22-2009 11:49 PM by aspnetsantha. 2 replies.


  • 06-22-2009, 9:56 AM

    Allow IIS to Control Password

     

    Hi,

    Can you tell me the meaning of the check box "Allow IIS to Control Password"? What exactly happens when we check the check box? Also, what happens at runtime? (One thing I can understand is that IIS is logging the credentials supplied.) I want a detailed explanation (from lower level to higher level), please. Thanks

      

     

  • 06-22-2009, 12:25 PM In reply to

    Answered Re: Allow IIS to Control Password

    You must be talking about IIS5 or IIS6, are you not?

    "Allow IIS to Control Password" is available for IIS5 and IIS6 in the context of anonymous authentication. If "Allow IIS to Control Password" is enabled, then the IIS administrator doesn't need to store the anonymous user password in the metabase (IIS configuration store). The main purpose of the feature is to simplify password management.
    There is a module called iissuba.dll loaded by the LSA (Local Security Authority) module on the IIS machine that allows passwordless logon for anonymous users. Such anonymous tokens are only good for accessing local resources.

    IIS6 doesn't support "Allow IIS to Control Password" by default due to some security concerns. Please read the following KB article: http://support.microsoft.com/kb/332167

    IIS7 retired "Allow IIS to Control Password" and introduced a built-in IUSR account for anonymous authentication.

     

    Jaroslav Dunajsky (MSFT, IIS)
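
Added example, not part of the reply above and not Microsoft code: an offline audit of an exported IIS 6 MetaBase.xml that lists every key where anonymous authentication is on and the IIS-controlled password setting is in effect, resolving values inherited from parent keys. It assumes the check box is stored as the metabase property `AnonymousPasswordSync` and that `AuthFlags` is written as `|`-separated flag names; the sample document, host and account names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of an IIS 6 MetaBase.xml (assumption: real
# files carry many more attributes per key; only these three are read here).
SAMPLE = """<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
<MBProperty>
  <IIsWebService Location="/LM/W3SVC" AuthFlags="AuthAnonymous | AuthNTLM"
      AnonymousUserName="IUSR_WEB01" AnonymousPasswordSync="TRUE"/>
  <IIsWebServer Location="/LM/W3SVC/1" ServerComment="intranet"/>
  <IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT"/>
  <IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/reports"
      AnonymousUserName="svc_reports" AnonymousPasswordSync="FALSE"/>
  <IIsWebServer Location="/LM/W3SVC/2" ServerComment="public"/>
  <IIsWebVirtualDir Location="/LM/W3SVC/2/ROOT" AuthFlags="AuthNTLM"/>
</MBProperty>
</configuration>"""

def load_keys(xml_text):
    """Map each metabase Location (case-insensitive) to its own attributes."""
    root = ET.fromstring(xml_text)
    return {el.get("Location").rstrip("/").casefold(): dict(el.attrib)
            for el in root.iter() if el.get("Location")}

def effective(keys, location, name):
    """Value of `name` from the nearest key at or above `location`, else None."""
    path = location.rstrip("/").casefold()
    while path:
        value = keys.get(path, {}).get(name)
        if value is not None:
            return value
        path = path.rpartition("/")[0]  # step up to the parent key
    return None

def audit(xml_text):
    """Return sorted (Location, anonymous account) pairs with the setting active."""
    keys = load_keys(xml_text)
    findings = []
    for attrs in keys.values():
        loc = attrs["Location"]
        flags = effective(keys, loc, "AuthFlags") or ""
        anonymous = "AuthAnonymous" in [f.strip() for f in flags.split("|")]
        sync = (effective(keys, loc, "AnonymousPasswordSync") or "").upper() == "TRUE"
        if anonymous and sync:
            findings.append((loc, effective(keys, loc, "AnonymousUserName")))
    return sorted(findings)

if __name__ == "__main__":
    for location, account in audit(SAMPLE):
        print(f"{location}: IIS controls the password for {account}")
```

Keys that only inherit the setting are reported as well, since a value set at the service level applies to every site and directory that does not override it.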
  • 06-22-2009, 11:49 PM In reply to

    Re: Allow IIS to Control Password

    Thanks.
