Authentication and Anonymous Logons

On the Web Site or other Application server, the Allow anonymous authentication setting operates in conjunction with ACLs to control whether or not authentication occurs (that is, whether the user is asked for credentials):

• If Allow anonymous is enabled and the ACL on the requested resource grants access to the Everyone group, authentication does not occur. The user is logged on anonymously.
• If Allow anonymous is enabled and the ACL on the requested resource does not grant access to the Everyone group, authentication occurs.
• If Allow anonymous is disabled, authentication occurs, regardless of the contents of the ACL on the resource.
• If client certificates are accepted or required for a requested resource, the Client Certificate Authentication process occurs regardless of the Allow Anonymous setting on the Application server, virtual directory, or file, or the ACL existing on the resource.

On the Site Server LDAP Service, if Allow anonymous is enabled, the user can log on anonymously. ACLs on Membership Directory objects determine the objects the user sees.

Related Topics

• Authentication
• Developing a Security Model
• Securing a Membership Directory
• Managing Access Control
• Setting Authentication Methods on Application Servers, Virtual Directories, and Files
• Setting Access Control on Application Server Content
• Setting Access Control on Membership Directory Objects