HOW TO: Set Up Anonymous and Basic Authentication on the Same Web Content in IIS (313251)

SUMMARY

This step-by-step article describes how to set up both Anonymous and Basic authentication on the same Web content.

back to the top

Configure an IIS Web Server

Your network may contain a firewall to protect one or more IIS Web servers. You may want to set up a Web site so that internal network users can access the Web content with Anonymous authentication (that is, internal network users are not required to provide a user name and password). However, because external requests are routed through a firewall, external users must connect to the site with Basic authentication (which should be used in conjunction with SSL encryption).

To set up Anonymous and Basic authentication on the same Web content, follow these steps:

NOTE: In the following example, the Web content is stored in the E:\Inetpub\WWWroot\Test Site folder.

1. Open the IIS Microsoft Management Console (MMC) Internet Services Manager.
2. Create a new Web site and name it External Site.
3. Bind External Site to a static IP address that maps to a Fully Qualified Domain Name (FQDN) from an authorized registrar (for example, Externaluser.Mysite.com), and make sure that External Site points to E:\Inetpub\WWWroot\Test Site.
4. Install a server certificate on External Site. Set the site to use Basic authentication only.
5. On the Domain Name System (DNS) Server, create a new host record. Obtain the static IP address that is described in step 3.
6. Create a new site and name it Internal Site. Set the IP address to All Unassigned. Set the local path for Internal Site to E:\Inetpub\WWWroot\Test Site.
7. Set the authentication on Internal Site to Integrated Windows authentication (IIS 5.0 and later), Windows NT Challenge/Response (IIS 4.0), or Anonymous authentication, depending on your needs.

back to the top