With Anonymous authentication, the server does not request the client to send user credentials. It is a good choice when our site or service is publicly available and we do not need to know the identity of the caller. Additionally, there are typically no browser restrictions which stem from incompatibilities with supported authentication mechanisms. When a site is configured for Anonymous authentication, all users are allowed access. It is important to note that although we may have IIS configured for Anonymous authentication, we may be authenticating at the ASP.NET layer, which is not true Anonymous authentication. This section assumes that both IIS and the application do not require a login.
Consider Anonymous authentication when:


  1. We do not need to know the name and/or password of the caller for either login or business logic components.

  2. The information being protected is considered "public."


When the user base is restricted by requiring a login name and password, Anonymous authentication is not required. If we are designing a site that provides personalized content only, Anonymous authentication may be a good choice. When using Anonymous authentication, the application thread will run as one of the following:

  • The built-in anonymous Internet account, IUSR_MACHINENAME.

  • The account configured in IIS for the anonymous user.

  • The IIS system account.


If the application uses other resources, such as COM+ components, databases, message queues, or UNC file shares, we will need to grant the appropriate permissions to the anonymous user. If this is the case, consider the following options:



  • Set up a domain controller that includes all of our Web and application servers. Configure the anonymous user to run as a domain user with the appropriate permissions for resource access. This method is easier to manage because account management is centralized.

  • If we are not running in a domain, then we can create a user with the same name and password on each of the Web and application servers. This is not recommended due to the complexities with duplicate account management.


Having an anonymous Web site and not using ASP.NET impersonation will give us the highest performing, but the least secure, application configuration. To implement Anonymous authentication, configure IIS for Anonymous authentication and configure the appropriate anonymous user account. Configure ASP.NET using the Web.config file to use no authentication.


<configuration>
  <system.web>
    <authentication mode="None" />
  </system.web>
</configuration>
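
Because a site can allow Anonymous access in IIS while still authenticating at the ASP.NET layer, it helps to check what a Web.config actually enforces. The following audit script is an added example, not code from the original page; the function name, the sample configurations and the "app_layer_anonymous" criterion are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples, not from the page; the first forces a login for /admin.
SAMPLE_MIXED = """<configuration>
  <system.web>
    <authentication mode="Forms" />
    <identity impersonate="true" />
  </system.web>
  <location path="admin">
    <system.web>
      <authorization><deny users="?" /></authorization>
    </system.web>
  </location>
</configuration>"""

SAMPLE_ANONYMOUS = """<configuration>
  <system.web>
    <authentication mode="None" />
  </system.web>
</configuration>"""


def audit_web_config(xml_text):
    """Report the ASP.NET settings that decide whether the app layer is anonymous."""
    root = ET.fromstring(xml_text)
    auth = root.find("./system.web/authentication")
    # ASP.NET defaults to Windows authentication when the element is absent.
    mode = auth.get("mode", "Windows") if auth is not None else "Windows"
    ident = root.find("./system.web/identity")
    impersonate = ident is not None and ident.get("impersonate", "false").lower() == "true"
    # Check the site root and every <location path="..."> scope for a rule
    # that denies "?", the ASP.NET wildcard for unauthenticated users.
    scopes = [("/", root)] + [(loc.get("path", "/"), loc) for loc in root.iter("location")]
    login_required = []
    for path, scope in scopes:
        denied = [d.get("users", "") for d in scope.findall("./system.web/authorization/deny")]
        if any("?" in [u.strip() for u in users.split(",")] for users in denied):
            login_required.append(path)
    return {
        "mode": mode,
        "impersonate": impersonate,
        "login_required_paths": login_required,
        # Assumed criterion: the page's mode None and no scope forcing a login.
        "app_layer_anonymous": mode == "None" and not login_required,
    }


if __name__ == "__main__":
    for name, text in (("mixed", SAMPLE_MIXED), ("anonymous", SAMPLE_ANONYMOUS)):
        print(name, audit_web_config(text))
```

The script inspects only the ASP.NET settings in Web.config; the IIS Anonymous setting and the anonymous user account still have to be verified in IIS itself.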

                    

Copyright © 2012 VisualBuilder. All rights reserved