Introducing Integrated Windows Authentication

Integrated Windows Authentication previously known as NTLM and also referred to as Windows NT Challenge/Response authentication, enables secure authentication, as the user name and password are hashed before it is sent across the network. Hashing involves a browser recognizing a password through a cryptographic exchange with the Web server, on enabling Integrated Windows Authentication. The default authentication method used by Windows Server 2003 is Integrated Windows Authentication.

To configure Integrated Windows Authentication, you need to be a member of the Administrators group on the local computer or you should be delegated the appropriate authority. As a security best practice, use an account that is not in the Administrator's group to log on to your computer. Then use the Run As command to run IIS Manager as an administrator. In the command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".

Websites in different worker processes that run under different identities can be isolated. IIS may behave in a different way, if Integrated Windows Authentication is used. Integrated Windows Authentication tries to use Kerberos, a network authentication protocol, which might not work, depending upon the identity of the worker process.

The use of Kerberos authentication fails in two cases. They are:
1. Kerberos authentication fails when websites are isolated on a virtual directory level, by configuring worker process identities as different domain accounts.
2. If you want to use a local user account or a LocalService account as a worker process identity, when using Integrated Windows Authentication and not using a Windows Internet Name Service (WINS) or Domain Name System (DNS) name for the server that runs the IIS, Kerberos authentication fails as Active Directory does not trust the accounts.

When Kerberos authentication fails, you can force the IIS to use NTLM authentication. To do this, set the NTAuthenticationProviders metabase property to NTLM.

“Amazon and the Amazon logo are trademarks of, Inc. or its affiliates.”

| Privacy Policy for | Disclosure | Contact |

Copyright - © 2004 - 2024 - All Rights Reserved.