Hi All, How many types the Authentication IIS Provided? Is Form-authentication is provided by of IIS? if no,then how it works?
Thanks Vijendra Shakya
A:
Both IIS 6 and 7 natively support:
- Anonymous Authentication
- Basic Authentication
- Digest Authentication (IIS 6 and 7 differ in their implementations)
- Windows Authentication
In IIS6 Forms Authentication is provided separately by ASP.NET because ASP.NET is not an integral part of IIS6. This is why, out of the box, it is not possible to secure non-ASP.NET assets such as ASP pages, images or plain HTML pages using Forms Authentication.
Requests for these types of files never hit the ASP.NET pipeline because they are handled directly by http.sys or the classic ASP ISAPI filter.
In a default install of ASP.NET on IIS6 only the .NET page types can be secured by ASP.NET Forms Authentication: .aspx, .asmx, .ashx etc.
This is because these page types are mapped to the ASP.NET ISAPI filter:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
If you wanted to secure static content such as .html, .jpg etc using ASP.NET Forms Authentication then you'd need to map these extensions to ASP.NET's ISAPI filter or do a wildcard mapping in IIS6.
In IIS7 the ASP.NET runtime is integrated into IIS so IIS7 natively supports Forms Authentication for all types of files and requests including ASP, PHP and so on.
IIS7 also supports the following additional authentication mechanisms:
- Client Certificate Mapping Authentication
- IIS Client Certificate Mapping Authentication
- UNC Authentication
IIS 6 also supports:
- .NET Passport Authentication - no longer supported
- Client Certificate Mapping Authentication
Kev
2010-10-04 23:06:56
@Kev:IIS7 provide Form authentication,then how form-authentication works in IIS6?
Vijjendra
2010-10-04 23:24:32
@vijjendra - I updated my answer, I don't think I can explain it any better than that.
Kev
2010-10-05 00:17:17