Basic Authentication:
 
Basic authentication is a standard which nearly all browsers support.  When you access a site and you see a standard popup window which asks for your username and password, your are using basic authentication.  An example from Internet Explorer can be found below.



How to configure in IIS:

  • Open the MMC and select the site or directory you wish to protect
  • Right click and select properties on that site / directory
  • Select the directory security tab
  • Click the "edit" button on authentication control
  • Enable basic authentication
  • Now your site is setup to support basic authentication you need to change the NTFS permissions for the directory you want to protect and add any users or groups you wish to have access
  • When IUSR_MACHINENAME does not have access to a directory or you disable anonymous access the basic authentication windows will popup
     

Advantages:

  • Requires no additional software

 
Disadvantages:

  • Choosing basic authentication in conjunction with NT users can be dangerous, the reason is that the username and password are sent in plain textIf someone maliciously acquires an NT username and password they will have rights on the server and can do damage.
  • The basic authentication login box is generated by the web browser, as such you can not control the look and feel of this dialog
  • This requires that you create NT users and groups for all web site users.  This can be difficult to administer, particularly with large number of users.