Basic configuration of the web service user authentication to ensure secure web site

The default IIS Web site allows all users to connect, if the high security requirements of the site, the site is open only for specific users, you need to authenticate the user. The main methods of verification are: anonymous authentication, basic authentication, digest authentication, Windows authentication. Here describes how to configure basic authentication.
First, add the authentication module.
1. Open the "Server Manager", click "Add role services."

2. Check the three kinds of authentication methods to be installed in the "Security", where I have installed before.

And follow the prompts to complete the wizard.
Second, turn off anonymous authentication, enable Basic authentication.
Priority 4 kinds of authentication methods is: Anonymous user -Windows Authentication - Digest Authentication - Basic authentication.
In other words, if both the anonymous authentication and Basic authentication, the client will give priority to anonymous authentication, basic authentication will not work this time. So, if you can access the web site to make the user must verify the identity, you must first disable anonymous access, and then set the authentication method. If you do not disable anonymous access, even if you set the authentication mode will not take effect.
1. Open the IIS Information Services Manager, click we want to set up authentication site, double-click to open "authentication."

2. Disable "Anonymous Authentication", enable "Basic authentication."

So that the client when you visit the site it is necessary to enter a user name and password.
Third, create a local user to access the web site.
1. Open the "Computer Management" control panel, create a new named "zhangsan" local users.

2. Because of this, this user is a local user, so the user can use this log on to this server, you can also remotely desktop connection to log server. For security reasons server, log on locally disable zhangsan user's login privileges and Remote Desktop Services.

Fourth, the client-side validation.

At this point it is necessary to visit the site to authenticate using zhangsan visit the website

authentication is successful, the user can only be used at this time zhangsan visit the website, not by local or remote desktop login server, both to ensure the security of the web site, but also to ensure security of the server.