IIS6.0 UI vs. IIS7.x UI Series: Integrated Windows Authentication

This week in the blog series (Introduction to the series – here), let’s talk about Integrated Windows Authentication feature in IIS6 UI and compare it to IIS7.x UI.

Integrated windows authentication was known as NTLM in previous (before IIS6.0) IIS versions. This is a form of authentication that hashes the user credentials before sending across the network.

Integrated Windows authentication uses Kerberos authentication and NTLM authentication. When you enable windows auth, the client submits password through cryptographic exchange with your web server that involves hashing.

Windows auth is best suited for intranet where machines client and server are all on same domain and might not work over http connections.

Integrated Windows Authentication feature in IIS6.0

Integrated Windows Authentication is the Default Authentication in W2k3 (IIS6.0). More about Integrated Windows auth in IIS6 here.

IIS6 UI – Integrated Windows Authentication

To enable, disable integrated windows authentication, you would

- Launch IIS Manager (run inetmgr)

- Select and expand the local computer node in the tree view

- Right click on the site, folder or file that you would like to enable basic authentication for and click on “Properties” from the context menu. 

- Click on Directory Security or File Security (for a file) tab.

- In the Authentication and access control section, Click on the button “Edit…”

- You can now Enable/Disable Integrated windows authentication by checking/un-checking the checkbox next to “Integrated Windows authentication”

- Click on all the “Ok” buttons

Integrated Windows Authentication feature in IIS 7.x

Integrated Windows authentication is not part of the default IIS install. You can install it from the Security feature category through Windows Feature On and Off on Client SKUs. You can also install it from Security role service of Web Server (IIS) role in Server Manager on Server SKUs.

IIS7 UI – Integrated Windows Authentication

To enable, disable integrated windows authentication, you would

- Launch IIS Manager (run inetmgr)

- Select and expand the local computer node in the tree view

- Select the site, folder or file that you would like to enable Windows authentication for in the tree view and click.

- Open “Authentication” feature from the Home Page.

- Select “Windows Authentication” from the Authentication page list view, you can now Enable/Disable windows auth by clicking on the Enable/Disable (toggle) link label in the Actions Pane

- Optionally you can also Enable/Disable Kernel-mode authentication. By default kernel-mode auth is enabled. Click here for more information: http://blogs.msdn.com/webtopics/archive/2009/01/19/service-principal-name-spn-checklist-for-kerberos-authentication-with-iis-7-0.aspx

- Click Ok on the Advanced Settings dialog when done.

Next blog in the series: Wrap up authentication

As always, please drop a comment if there are any specific UI modules/properties you would like to be compared next and also if you have any feedback on the level of detail.