I am wondering what the effect of setting <authentication mode="windows"> in the web.config is in different version of IIS.
I believe that in IIS 5, it has little to no effect, as all of that is integrated and controlled by the web server.
On IIS 6 and 7, I believe that I can set the web server to Anonymous access and then each hosted web application could in turn determine if it wanted to use Windows Authentication by setting the mode. That is to say, the web.config controls ASP.NET in these IIS versions and overrides the server.
I am looking for a white paper or reference of some type that will back this up more than just my observational experience