Combining authentication methods for personalization and membership (308532)


The information in this article applies to:

  • Microsoft Site Server 3.0 Commerce Edition
  • Microsoft Site Server 3.0
This article was previously published under Q308532
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx

SUMMARY

This article clarifies combining authentication methods.

MORE INFORMATION

Combining Authentication Methods

Automatic cookie authentication and HTML forms authentication cannot be used with each other or with any other authentication method for the same virtual directory or file.

If you have a file or directory that you want to require HTML forms authentication, only HTML forms authentication must be selected. Anonymous authentication cannot be used with HTML forms authentication. The same is true for automatic cookie authentication. If you want to use automatic cookie authentication, you must use only automatic cookie authentication.

If you want to enable anonymous access only a to file or directory, follow these steps:
  1. In the IIS MMC, click the Membership Authentication tab.
  2. Select Anonymous and Other password. Do not select Basic or DPA.

REFERENCES

This article is based on the following section in the Site Server online documentation: 
Personalization and Membership 
   Personalization and Membership Concepts and Planning  
      Membership Concepts  
         Security  
            Authentication
Modification Type:MinorLast Reviewed:6/22/2006
Keywords:kbinfo KB308532
©2004 Microsoft Corporation. All rights reserved.