Default web.config authentication settings?

[clintonG]

When VS.NET creates a web.config file it writes a default
<authentication mode="Windows" /> entry.

Let me see if I got this right...

1.) It does so because I am running locally and my local Windows
user account is being used by VS.NET leaving me a bit confused
as when an application is run locally I am not challenged for credentials
even if I request the application from a separate instance of IE.

2.) Using Forms, or Passport as the authentication mode allows me to
force the application to demand credentials when the application
is deployed to the public.

3.) When using None no authentication is required regardless
of where the applications runs or who wants to load and run it.

Thus, is it correct to assume I should be modifying the default
authentication mode to None when deploying an application to a
hosted web server that requires no authentication and leave the
default mode to Windows when a user has a Windows account on
the web server where the application is deployed?

 

[Chris Austin]

I would think you assumption is correct.

-Chris
~
http://weblogs.austinspad.com/caustin

 

[Scott Allen]

Hi Clinton:

I think you have everything sorted out pretty well - just one extra
tidbit of information. When using Windows authentication the server
does challenge for credentials, it is just the IE will automatically
send the windows credentials along for site in the Intranet zone. This
is configurable in IE under Tools -> Options -> Security.

 

[clintonG]

Thanks for pointing that out. I've been trying to sort out some
access problems related to authentication when an application
is deployed to a hosted server.

<%= Clinton Gallagher

 

[clintonG]

Thanks Chris.

<%= Clinton Gallagher

I would think you assumption is correct.

-Chris
~
http://weblogs.austinspad.com/caustin