E.18 Disabling Windows Challenge/Response Authentication on IIS Web Servers

The IIS Web server on Windows supports Challenge/Response Authentication, which defaults to On when IIS is installed. This enables users to use their domain log-ins when requesting resources from IIS and can conflict with Access Manager's authentication.

For example, on the first request from an Internet Explorer (IE) browser to a resource on IIS protected by Access Manager with a basic authentication scheme, IE displays a login dialog box requesting a domain along with the user name and password login provided by Access Manager.

To disable Windows challenge/response authentication

  1. Launch the Microsoft Management Console for IIS.

  2. Select the Web Server Host under Internet Information Server in the left hand panel.

  3. Right click and select Properties.

  4. Scroll down and select Edit the Master Properties for WWW Service.

  5. Select the Directory Security tab.

  6. Select Edit Anonymous Access and Authentication Control.

  7. Complete the appropriate step for your platform:

    Windows 2000: Clear the Integrate Windows Authentication box.

  8. Click OK.

  9. In the Windows IIS properties screen, click OK.

  10. Close the Microsoft Management Console.