Enable Anonymous Authentication (IIS 7)

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

Anonymous authentication allows any user to access any public content without providing a user name and password challenge to the client browser. By default, Anonymous authentication is enabled in IIS 7.

If some content should be viewed only by selected users, you must configure the appropriate NTFS permissions to prevent anonymous users from accessing that content. If you want only registered users to view selected content, configure an authentication method for that content that requires a user name and password, for example, Basic or Digest authentication.

Consider using the following best practices when you configure anonymous authentication:

  • Create a group for all anonymous user accounts. You can deny access permissions to resources based on this group membership.

  • Deny execute permissions for anonymous users to all executables in Windows directories and subdirectories.

For more information about how to configure the Anonymous authentication identity, see Configure the Anonymous Authentication Identity (IIS 7).

Prerequisites

For information about the levels at which you can perform this procedure, and the modules, handlers, and permissions that are required to perform this procedure, see Authentication Feature Requirements (IIS 7).

Exceptions to Feature Requirements

  • None

Modules

  • AnonymousAuthModule

To configure anonymous authentication

You can perform this procedure by using the user interface (UI), by running IIS 7 command-line tool commands in a command-line window, by editing configuration files directly, or by writing WMI scripts.

User Interface

To use the UI

  1. Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).

  2. In Features View, double-click Authentication.

  3. On the Authentication page, select Anonymous Authentication.

  4. In the Actions pane, click Enable to use Anonymous authentication with the default settings.

Command Line

To enable or disable Anonymous authentication, use the following syntax:

appcmd set config /section:anonymousAuthentication /enabled:true | false

By default, IIS sets the enabled attribute to true, which enables Anonymous authentication. If you set the attribute to false, you disable Anonymous authentication. For example, to disable Anonymous authentication, type the following at the command prompt, and then press ENTER:

appcmd set config /section:anonymousAuthentication /enabled:false

For more information about Appcmd.exe, see Appcmd.exe (IIS 7).

Configuration

The procedure in this topic affects the following configuration elements:

<anonymousAuthentication>

For more information about IIS 7 configuration, see https://go.microsoft.com/fwlink/?LinkId=88551 on the MSDN site.

WMI

The procedure in this topic affects the following WMI classes, methods, or properties:

  • AnonymousAuthenticationSection class

For more information about WMI and IIS, see Windows Management Instrumentation (WMI) in IIS 7. For more information about the classes, methods, or properties associated with this procedure, see the IIS WMI Provider Reference on the MSDN site.

See Also

Concepts

Configuring Authentication in IIS 7 Configure the Anonymous Authentication Identity (IIS 7)