Nimrod Fiat

Reputation: 483

Using anonymousAuthentication for Windows AD users

anonymousAuthentication has a username, which defaults to the local user IUSR, and a password.
If I understand the docs correctly, the password can be arbitrary. To authenticate with the website, you should use the password, and then the site runs with the permissions of the user specified in username.
This doesn't make any sense.
If the username belongs to a network user, the site couldn't use its network credentials without a token, for which it would need a password.
If the user is local, and different than IUSR, then again the IIS user should be able to do privilege escalation and run with its credentials.

What am I missing? And specifically, can anonymousAuth be used to authenticate with Windows accounts? (I know it's an odd use case, because I can just use WindowsAuthentication)

Upvotes: 1

Views: 189

Answers (1)

Lex Li

Reputation: 63123

"If I understand the docs correctly, the password can be arbitrary", that's where the misunderstanding comes from.

Only a few special accounts like IUSR and Active Directory Managed Service Accounts can be configured without passwords, because Windows knows how to query their passwords automatically.

In all other cases, a valid password must be provided by you, or the application will fail with an error page.

Upvotes: 1
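As an added example (not part of the answer above, and not IIS's own tooling), this script audits a configuration file in the shape of applicationHost.config and flags sites whose anonymous identity is a custom account with no stored password, the case the answer says fails. The site names, accounts, the password placeholder and the trailing-`$` test for managed service accounts are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of applicationHost.config; site names,
# accounts and the encrypted-password placeholder are made up.
SAMPLE = """<configuration>
  <system.webServer><security><authentication>
    <anonymousAuthentication enabled="true" userName="IUSR" />
  </authentication></security></system.webServer>
  <location path="PoolIdentitySite"><system.webServer><security><authentication>
    <anonymousAuthentication enabled="true" userName="" />
  </authentication></security></system.webServer></location>
  <location path="GmsaSite"><system.webServer><security><authentication>
    <anonymousAuthentication enabled="true" userName="CONTOSO\\svc-web$" />
  </authentication></security></system.webServer></location>
  <location path="CustomOk"><system.webServer><security><authentication>
    <anonymousAuthentication enabled="true" userName="CONTOSO\\webanon"
                             password="[enc:PLACEHOLDER:enc]" />
  </authentication></security></system.webServer></location>
  <location path="CustomBroken"><system.webServer><security><authentication>
    <anonymousAuthentication enabled="true" userName="CONTOSO\\webanon" />
  </authentication></security></system.webServer></location>
</configuration>"""

def classify(elem):
    """Classify one anonymousAuthentication element by the identity it uses."""
    user = elem.get("userName", "IUSR")  # IUSR is the default userName
    if elem.get("enabled", "true").lower() != "true":
        return "disabled"
    if user == "":  # empty userName: IIS uses the application pool identity
        return "ok: runs as application pool identity"
    # Assumption: a trailing '$' marks a managed service account name.
    if user.upper() == "IUSR" or user.endswith("$"):
        return "ok: Windows supplies the password"
    if elem.get("password"):  # presence only; validity cannot be checked offline
        return "ok: custom account with stored password"
    return "broken: custom account needs a valid password"

def audit(xml_text):
    """Return {location: verdict} for each anonymousAuthentication element."""
    results = {}
    for child in ET.fromstring(xml_text):
        where = child.get("path", "") if child.tag == "location" else "(server default)"
        for elem in child.iter("anonymousAuthentication"):
            results[where] = classify(elem)
    return results

if __name__ == "__main__":
    for where, verdict in audit(SAMPLE).items():
        print(f"{where:18} {verdict}")
```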