Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

IIS 7 - Authentication in IIS vs Authentication in web.config

I'm relatively new to using IIS 7. I'm getting confused by the various options that IIS 7 provides.

What does setting authentication mode="Windows" do in the web.config of my ASP.net site do? What does enabling Windows authentication in the Authentication module in IIS 7 do?

What is the difference between these two? Does one override the other? Does this change whether you run in integrated vs classic mode?

like image 296
Dismissile Avatar asked Oct 14 '10 18:10

Dismissile


1 Answers

IIS7 leverages web.config files. There is tight integration in IIS7 and ASP.NET any changes made in the web.config are reflected in the management console and changes in the management console write changes into the web.config.

As far as windows authentication it uses the servers local Windows users as its user store. This is typically more useful for an intranet application that has tight security requirements and existing active directory user base.

Most internet facing applications should use Forms authentication or a custom authentication provider. You user store can be in the web.config but most applications would keep their userstore in a database

like image 126
Michael Christensen Avatar answered Sep 29 '22 21:09

Michael Christensen