Enabling Basic Authentication

You can use Basic authentication to confirm a user's identity before granting access to a restricted Web site, directory, or file. Basic authentication requires a user to enter a valid Windows NT account user name and password into a dialog box rendered by the user's Web browser. The Web browser then attempts to establish an authenticated connection by transmitting the account information to your server. If your server rejects the information, the Web browser will repeatedly render the dialog box (the number of times depends on the Web browser's configuration) until the user enters valid information, or closes the dialog box.

Enabling Basic authentication does not automatically configure your Web server to authenticate users. Authentication will occur only under the following circumstances:

• Anonymous access is disabled.
• Anonymous access fails because the anonymous user account does not have permission to access a specific Windows NT File System (NTFS) file or resource.

Important    

• When you set security properties for a specific Web site, you automatically set the same security properties for directories and files belonging to that site, unless the security properties of the individual directories and files have been previously set.
• Your Web server will prompt you for permission to reset the properties of individual directories and files when you attempt to set security properties for your Web site. If you choose to reset these properties, your previous security settings will be replaced by the new settings. The same condition applies when you set security properties for a directory containing subdirectories or files with previously set security properties. For more information about setting properties, see Properties and Inheritance of Properties on Sites in About Web Sites.

1. Use the Windows NT User Manager utility to create a Windows NT user account on your server. If appropriate, add the account to a specific Windows NT user group.

Note   To properly authenticate users with Basic authentication, Windows NT users accounts must have Log On Locally user rights. By default, user accounts on a Windows NT server domain controller are not granted the Log On Locally user rights. During the Basic authentication process your Web server "impersonates" each user as a local user, that is, as a user physically logged at the Web server. This means that you need to explicitly grant Log on Locally user rights to any account that you set up on your Web server or the domain controller used for access by your Web server. Use the Windows NT User Manager utility to configure user rights.

2. Configure Windows NT File System (NTFS) permissions for the directory or file for which you want to control access. Add the name of the user account or group, and then set the type of access. For more information, see Setting Access Permissions for a Directory or File.
3. In Internet Service Manager, select the directory or file, and open its property sheets. (If you have configured NTFS permissions for a directory corresponding to a Web site, then select that Web site and open its property sheets.)
4. Select the Directory Security or File Security property sheet. Under Anonymous Access and Authentication Control, click Edit.
5. In the Authentication Methods dialog box, select the Basic Authentication check box.

Note   Windows NT Challenge/Response authentication takes precedence over Basic authentication. This means that if the user's Web browser supports both authentication methods, the browser will use Windows NT Challenge/Response authentication. To ensure that users are authenticated only with Basic authentication, clear the Windows NT Challenge/Response authentication check box.

6. Click Edit to select a default logon domain. For more information, see Setting the Default Logon Domain.
7. Click OK.

Caution    The Basic authentication method transmits user names and passwords across the network in an unencrypted form. A computer vandal could use a network monitoring tool to intercept this information. (Using your Web server's encryption features, in combination with Basic authentication, you can secure user account information transmitted across the network. For more information, see About Encryption.)

© 1997 by Microsoft Corporation. All rights reserved.