20.4. Windows Authentication

With Windows authentication, the web server takes care of the authentication process. ASP.NET simply uses the authenticated IIS user and makes this identity available to your code for your security checks.

If your virtual directory uses the default settings, users will be authenticated under the anonymous IUSR account. But when you use Windows authentication, you'll force users to log into IIS before they're allowed to access secure content in your website. The user login information can be transmitted in several ways, but the end result is that the user is authenticated using a local Windows account. Typically, this makes Windows authentication best suited to intranet scenarios, in which a limited set of known users ...

Get Beginning ASP.NET 3.5 in C# 2008: From Novice to Professional, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.