IIS and Asp.net Identity Authentication

Set applications in IISProgramIdentity Authentication options include:

First, Forms authentication and Windows Live ID Authentication (Microsoft's Single Sign-On Service)

Category 2: basic identity authentication, digest identity authentication for domain servers, and Windows Identity Authentication

 

Options for simulated identity are:

"Asp.net simulation" and "application pool identification" in IIS Identity Authentication"

In addition, "Anonymous Authentication" must be enabled for the simulated identity"

 

In addition, there are two notes in conclusion 3:

Summary 1: To allow. net programs to have system user permissions, there are four ways to set them. Built-in accounts can be set only for the application pool. There are four built-in accounts: Local Service, LocalSystem, network service, and applicationpoolidentity. Therefore, the premise of the four methods is to set the application pool to LocalSystem. There are four combinations of options for IIS identity authentication. You can use system. security. iprincple. windowsidentity. getcurrent (). name = nt authority \ system to verify.

They are:

(1) enable Anonymous Authentication, set it to use the application pool identity, enable Asp.net identity simulation, and use authenticated users

(2) Enable Windows Authentication and disable other identity authentication.

(3) enable basic authentication and other authentication

(4) enable Anonymous Users and disable other identity authentication. (Iis7 does not change the Authentication Settings by default)

Conclusion 2: Windows accounts are used as client authentication in three cases, namely, the second type of authentication mentioned above.

Features:

High Security Level for Windows authentication using Keberos tokens

Hash transmission for passwords in the Digest authentication security level

Basic identity authentication security level low password use Plaintext Transmission

Conclusion 3: To enable Windows Authentication and disable Kernel Mode authentication, you need to enter a Windows account on the client, which is a machine connected to the network, different from connecting to the IIS server. Another way is to connect to the IIS server.

 

Note 1: Asp.net simulation is generally used to avoid issues related to identity authentication and authorization in Asp.net programs.

NOTE 2: Digest authentication can be enabled only when a domain is added.