Most of the public websites does not ask user to enter any username and password.But still, we will
be able to access the content of these websites.
Asp.Net web applications provide anonymous access to resources on the server.
Anonymous Authentication allows users to access the public areas of the web sites, without prompting
the users for username and password.
In IIS 6.0
IUSR_ComputerName is used for providing anonymous access.
In IIS 7.0
IUSR account is used for providing anonymous access.
By default anonymous authentication is enabled in IIS.
If we disable anonymous authentication, we can not access the site.
Impersonation :
we can enable impersonation using following line in web.config.
<identity impersonate="true"/>
When the application uses anonymous authentication and
- If Impersonation is disabled, then, the Applicationpoolidentity is used to execute application code.
- If Impersonation id enabled, then, "NT Authority\IUSR" account is used to execute the application code.
IF there are 2 or more websites hosted on a machine, with IUSR as the anonymous account, then they can access each other's content.If we want to isolate, each application content, the application can be deployed to different application pools and NTFS file permission can be set for the respective application pool identity.
Related Post :
Other authentication mode in Asp.net is Windows authentication and Forms authentication.Please visit following link .
http://logicsmaze.blogspot.in/Windows_Authentication
http://logicsmaze.blogspot.in/Forms_Authentication
No comments:
Post a Comment