Last post Nov 06, 2013 08:42 AM by Rion Williams
Nov 06, 2013 08:20 AM|ogsim07|LINK
What is difference between Anonymous authentication and Allow="?" (authorization)
Nov 06, 2013 08:40 AM|bbcompent1|LINK
The Allow="?" has to do with forms authentication which uses anonymous to work. Istead of using windows authentication to check your user, they log onto the site using forms authentication. Make sense?
Nov 06, 2013 08:42 AM|Rion Williams|LINK
Basically - this is going to be distinguishing between actual Authentication (who you are) and Authorization (what you can do).
The use of Anonymous Authentication will basically cause IIS to not perform any specific authentication checks and allow any user to access your site or application (as opposed to some other form of authentication like Forms or Windows that may require
specific credentials for access). Basically - anonymous authentication means that your application or site will not care or keep track of its users.
Authorization on the other hand rather than determine if a user can actually access your application will determine which areas of an application that a user can go and what he / she can do there. Anonymous Authorization in that case will basically allow
any user that has access to the application to perform any task or function. Basically - anonymous authorization will allow users to visit and access any functionality that is available in any area of your site.
You may want to check out some of the following resources that provide a bit more detail between Authentication and Authorization :