Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How does IIS resolve Guest Account

Status
Not open for further replies.
kav123

kav123

Programmer
Jan 12, 2005
210
GB
How does IIS resolve the user who logs into the server. I mean if there is an anonymous user enabled then IIS normally maps to the guest account.
However, if i change that anonymous user account to someone else, the user is not able to access the website i.e. he is not able to create a Server Side component, in this case Permission checker component.
This is for a normal user. If an administrator accesses the website, just to run a test page, is he also resolved into the guest account.
I hope i have not confused you. I want to know who logs into access the webserver and if it's not a guest account, then the user should be resolved into a normal guest account as that of any user, so that he has the same permissions, which is necessary to run the test page.
 
Sort by date Sort by votes
actually the anonymous user maps to the IUSR_machinename account by default.

So any user who logs on must have at least the same level of access as that account.



Chris.

Indifference will be the downfall of mankind, but who cares?
Woo Hoo! the cobblers kids get new shoes.
Nightclub counting systems

So long, and thanks for all the fish.
 
Upvote 0 Downvote
What happens if i enable both Anonymous access and Integrated Windows Authentication.
So, as i understand your reply, if an administrator tried to access the website, i.e. by typing local host, then he would be resolved to a guest account??
 
Upvote 0 Downvote
Hi, the Anonymous account (IUSR_machinename) as ChrisHirst said is created by the IIS Setup. The password for this account is randomly generated by the IIS setup.

when both Anonymous and windows integrated are enable the following scenario takes place:

The browser will always try an anonymous access first. If the access is permitted (both authentication method and ACL permissions) the access is granted as anonymous. If access is denied for any reason (authentication or acl) the server returns a 401 error (login failed or access denied) and a request is sent to the client: at this point, the client passes the windows integrated credentials of the currently logged on user (the windows user/password).

you can see the IUSR_Machinename password by using the adsutil.vbs adminscript:

cscript adsutil.vbs ENUM W3SVC/1/root



Hope this helps. Please let know if this resolve your issue

Jeff
 
Upvote 0 Downvote
Thanks, that did help, so the Anonymous access is the preferred method, unless set otherwise in ACL or authentication. One more question, in integrated authentication the user credentials are checked by the IIS, how does it do that, i mean do we have to enter the login details of all the authorised users, or i'd assume the easier way would be to have a common authorised login which the IIS would recognise in such a scenario.
 
Upvote 0 Downvote
Hi, the IIS server checks the ACL on the folder and files (netlogon service). The easier way is to use groups recognizes within your domain/AD.

Hope this helps. Please let know if this resolve your issue

Jeff
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
1K
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
843
DrB0b
DrB0b
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
969
goombawaho
goombawaho
GriffMG
  • Locked
  • Question
Server 2016 IIS - When opening default web page in Edge (chromium) it downloads rather than opening
Replies
1
Views
387
GriffMG
GriffMG
donb01
  • Locked
  • Question
IIS - Can I do this Redirect?
Replies
1
Views
239
donb01
donb01

Part and Inventory Search

Sponsor

Back
Top