IIS6.0 UI vs. IIS7.x UI Series: Digest Authentication

This week in the blog series (Introduction to the series – here), let’s talk about the Digest Authentication feature in the IIS6 UI and compare it to the IIS7.x UI.

Digest Authentication feature in IIS6.0

Digest Authentication provides the same functionality as Basic Authentication, except that it ensures the username and password are not sent as plain text over the network. Digest Authentication sends credentials as an MD5 hash; the username and password cannot be deciphered from these hashes.

IIS6 UI – Digest Authentication


To enable or disable digest authentication, you would:

- Launch IIS Manager (run inetmgr)

- Select and expand the local computer node in the tree view

- Right-click on the site, folder or file that you would like to enable digest authentication for and click on “Properties” in the context menu.

- Click on Directory Security or File Security (for a file) tab.

- In the Authentication and access control section, click on the “Edit…” button

- You can now Enable/Disable digest authentication by checking/un-checking the checkbox next to “Digest authentication for Windows domain servers”

- In the realm box, enter the realm name or click the “Select…” button to browse for Domain

- Click on all the “Ok” buttons

NOTE about Advanced Digest Authentication: Under Advanced Digest Auth, user credentials are stored on the domain controller as an MD5 hash. Advanced Digest Authentication is enabled by default on a clean IIS6.0 install. The UseDigestSSP metabase property should be set to TRUE for Advanced Digest auth to be enabled.

 

Digest Authentication feature in IIS 7.x

IIS7.x no longer supports the IIS 6.0 Digest Authentication; instead, it supports what IIS 6.0 called Advanced Digest Authentication. If successful, Digest Auth authenticates the request with a Windows token corresponding to the user’s Active Directory account.

Digest authentication is not part of the default IIS install. On client SKUs, you can install it from the Security feature category through “Turn Windows features on or off”. On server SKUs, you can install it from the Security role service of the Web Server (IIS) role in Server Manager.

IIS7 UI – Digest Authentication

To enable or disable digest authentication, you would:

- Launch IIS Manager (run inetmgr)

- Select and expand the local computer node in the tree view

- In the tree view, select the site, folder or file that you would like to enable digest authentication for.

- Open the “Authentication” feature from the Home Page.

- Select “Digest Authentication” from the Authentication page list view. You can now enable or disable digest auth by clicking on the Enable/Disable (toggle) link label in the Actions Pane

- Optionally you can also add a realm name using the Edit … action. This realm will be used by the web server to authenticate a client trying to access a URL with Digest auth enabled.

- Click Ok on the Edit Digest Authentication Settings dialog when done.

 

Next blog in the series: Integrated Windows Authentication

As always, please drop a comment if there are any specific UI modules/properties you would like to be compared next and also if you have any feedback on the level of detail.
