https+basic authentication + access rights to local user in IIS

Question

I know how to do https + basic authentication but now I want to allow local users (who are not in domain, only local user access local machine) to access the website.

Does anyone know how to do this?

Answer 1

I tested out the following on a set of Windows XP Professional SP3 VHDs and it seemed to do what you want. Neither machine was part of a domain; both were configured in work-group mode and on the same subnet

Windows XP Hosting the IIS Site (Computer Name: SOCRATES): On the site, or directory under the 'Directory Security' tab, click the button 'Edit..' under the pane labled 'Anonymous Access and Authentication Control'. I then disabled 'Anonymous Access' and made sure that only 'Integrated Windows Authentication' was selected. I then made sure that the 'Launch IIS Process Account' had the following NTFS permissions: Read and Execute, List Folder Contents, Read to where the physical site lives on disk (otherwise you will not be able to access the site remotely.)

I then ran IE6 logged in as a local user account on the VHD and it took displayed the page in question without prompting for credentials.

On another Windows XP Professional SP3 machine (Computer Name: Plato), I then fired up Internet Explorer 7 and attempted to access the site (http://socrates). I was prompted for credentials, however when I entered in SOCRATES\\user and the appropriate password the site displayed just fine. Examining the IIS log on SOCRATES, confirmed that the user accessing the site was indeed SOCRATES\\user (if you want to validate this yourself, make sure that cs-username and cs-client are included in your IIS log configuration).