specifically what I'm trying to achieve is to have the possibility of supporting both types of authentication, but giving priority to integrated security
I mean, if the credentials are passed, use integrated security (and I could see who logged in thru ServerVariables["logon_user"], if no credentials are passed, then fall back to anonymous, and in that case ServerVariables["logon_user"] would have an empty string.
I tried with IIS 6, but if I enable anonymous access, then the client seems to pick that method, even though I pass the credentials...
I'm trying accessing the page using HttpWebRequest from asp.net, in one case I pass no credentials at all, an in the second I set the credentials with
request.Credentials = new NetworkCredential("user", "password");
If I pass credentials, but have the server configured with both authentication methods (anonymous and integrated), ServerVariables["logon_user"] returns an empty string...
any idea how to solve it?
thanks a lot
edit: I've found this article: http://www.eggheadcafe.com/articles/20050703.asp
it says:
Anonymous is set in IIS by selecting the Anonymous Access. Once this is set, no authentication will be made against the user regardless of any other selected authentication modes.
so, it seems like it's not possible at all to go for integrated security and then falling back to anymous access...