Windows authentication.- If windows authentication mode is selected for an ASP.NET application, then authentication also needs to be configured within IIS since it is provided by IIS.
- IIS provides a choice for four different authentication methods:
Anonymous: IIS doesn’t perform any authentication. All are allowed to access the ASP.NET application.
Basic: Users must provide a windows username and password to connect. This information is plain text which makes this mode insecure.
Digest: Users need to provide a password which is sent over the network. However in this case the password is hashed. It also requires that all users be using IE 5 or later versions.
Windows integrated: Passwords are not sent over the network. The application uses either the Kerberos or challenge/response protocols authenticate the user. Users need to be running IE 3.01 or later.