Recipe 12.8. Configuring Web Site AuthenticationProblemYou want to authenticate users before they can access content on your web server. SolutionUsing a graphical user interface
Using VBScript' This code configurations authentication for a web site. ' ------ SCRIPT CONFIGURATION ------ strComputer = "<ServerName>" strSiteID = "<SiteID>" intFlag = 1 + 4 ' Here are the available authentication values: ' 1 = Anonymous ' 2 = Basic ' 6 = MD5 ' 4 = NTLM ' 64 = Passport ' For the intFlag variable, simply add together the ' numbers that represent the auth settings you want ' to configure. ' ------ END CONFIGURATION --------- set objweb site = GetObject("IIS://" & strComputer & "/W3SVC/" & strSiteID) objweb site.AuthFlags = intFlag objweb site.SetInfo WScript.Echo "Successfully modified auth settings for: " & _ objweb site.ServerComment DiscussionAuthentication complements permissions as another tool for controlling access to content on IIS. When a user tries to access a web site, the user must first be authenticated. For a publicly hosted site designed for Internet users, anonymous access is the usual authentication method. For private intranets, some form of credential-based authentication must be used to guard against unauthorized access to company files. As Table 12-5 shows, IIS supports a number of different authentication methods to control access to your web server's content.
If you enable multiple authentication methods including Anonymous Access, only Anonymous Access will be used. If you enable multiple authentication methods and Anonymous Access is not enabled, the most secure authentication method is attempted first and continues until reaching the least secure method unless the user successfully authenticates. If authentication must take place through a proxy server, use Digest Authentication instead of Integrated Windows Authentication. Note that Digest Authentication requires Internet Explorer 5 or higher on the client end.
Using VBScriptConfiguring authentication settings via ADSI is straightforward. You just need to set the AuthFlags property on a web site or virtual directory object. AuthFlags is a bit flag, which means you have to add the values associated with the desired settings and use that total as the value for AuthFlags. I included in the code the list of possible authentication settings and their corresponding values. See AlsoMS KB 324274 (How To Configure IIS Web Site Authentication in Windows Server 2003) and MS KB 324276 (HOW TO: Configure Internet Information Services Web Authentication in Windows Server 2003) |