Windows Authentication utilizes the authentication capabilities of IIS so that you don't have to write any custom code. Compared to other authentication mechanisms, Windows authentication does not pass the user credentials over the wire. Windows authentication also provides a seamless user experience. After IIS completes its authentication, ASP.NET uses the authenticated identity's token to authorize access.
Windows Authentication is usually implemented when the users are part of a Windows domain (a Microsoft Windows NT domain controller or Microsoft Windows Active Directory) and the authenticated users are to be impersonated, so that the code executes in the same security context as the user's Windows account.
There are four different kinds of Windows authentication options available that can be configured in IIS:
- Anonymous
- Basic authentication
- Digest authentication
- Windows Integrated Authentication
- Client Certificate Mapping
Anonymous Authentication
Anonymous authentication gives users access to the public areas of your Web site without prompting them for a user name or password. With Anonymous authentication, the server does not ask the client to send user credentials. It is a good choice when the site or service is publicly available and you do not need to know the identity of the caller.
IIS provides stored credentials to Windows using a special user account: IUSR_machinename, the account configured in IIS for the anonymous user, or the IIS system account.
Anonymous authentication offers the best performance because it imposes no appreciable overhead.
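The split described above, anonymous access for public areas and an authenticated identity where the caller must be known, as an added web.config example that is not from the original article. The `admin` path is a hypothetical protected area, and the fragment assumes the IIS 7+ configuration schema with the two authentication sections unlocked for delegation (otherwise the same elements belong in applicationHost.config).

```xml
<!-- Added example (not from the original article); "admin" is a hypothetical path. -->
<configuration>
  <system.web>
    <!-- ASP.NET authorizes with the identity token that IIS hands over. -->
    <authentication mode="Windows" />
  </system.web>

  <system.webServer>
    <security>
      <authentication>
        <!-- Public areas: IIS requests no credentials from the client.
             An empty userName runs anonymous requests as the application
             pool identity; leave the attribute out to keep the anonymous
             account already configured in IIS. -->
        <anonymousAuthentication enabled="true" userName="" />
        <windowsAuthentication enabled="false" />
      </authentication>
    </security>
  </system.webServer>

  <!-- Protected area: anonymous access is switched off, so every request
       must carry an authenticated Windows identity. -->
  <location path="admin">
    <system.web>
      <authorization>
        <!-- "?" matches unauthenticated (anonymous) users. -->
        <deny users="?" />
      </authorization>
    </system.web>
    <system.webServer>
      <security>
        <authentication>
          <anonymousAuthentication enabled="false" />
          <windowsAuthentication enabled="true" />
        </authentication>
      </security>
    </system.webServer>
  </location>
</configuration>
```

When reviewing a site, check which account anonymous requests actually run as and what file system rights it holds, since every unauthenticated visitor acts with that account's permissions.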
In the next part of the series I will explain Basic and Digest Authentication.