ASP.NET sites using WindowsAuthentication - No Active Directory domain

Question

We are trying to move away from joining our Windows-based web servers to our Active Directory domain.

A lot of our ASP.NET based sites are using Windows authentication so I would have thought running these sites on non-domain joined servers would not work.

However, reading Microsoft's documentation page on the topic, it is suggested that the web server running the site using this type of authentication does not need be on the domain. But no detail is included as to how one would achieve this:

You can use Windows authentication when your IIS 7 server runs on a corporate network that is using Microsoft Active Directory service domain identities or other Windows accounts to identify users. Because of this, you can use Windows authentication whether or not your server is a member of an Active Directory domain.

Source: https://learn.microsoft.com/en-us/iis/configuration/system.webserver/security/authentication/windowsauthentication/

Is it possible to run sites using Windows authentication on servers that are not domain joined? If it is, can someone provide me with some reading material as to how this type of system works?

Answer 1

I'm not sure if I understand correctly. But using windows authentication on servers that are not domain joined is possible. I make a simple example about this.

I have a server which is independent and don't join any domain. I only enable windows authentication and disable all other authentication.

When I access it remotely, it prompts me to enter the account password. I can login by using administrator account.

I also want to allow other users login but not using administrator account because it is unsafe. So I create a test account for him. I add this account in local users(create a group and add account in the group is also work).

When other user access the site, they can login by enter test account.