We have IIS 7 running on the Windows 2008 Server which hosts many intranet websites. We want to use windows authentication for the website and its url will be http://pay
So, I add the C:\InetPub\pay folder and bind it to the IIS7.
Disable the Anonymous Authentication mode.
Enable the Windows Authentication mode.
When I access the website http://pay from the other computer, I got the message that
Unauthorized You do not have permission to view this directory or page using the credentials that you supplied.
So, I go to the Windows Explorer and Add the Local\IUSR account and give access to the folder. But I still got the same error.
Finally, I added Everyone account and give access to the folder. This time, it works and windows authentication is also working well.
What I am afraid is that, does it open the read access to Everyone to the \MyServer\C$\Inetpub\pay folder? It contains the web.config which contains server and users credential and it would be the big security breach.
How can I achieve to use Windows Authentication without giving access to Everyone account?
Thanks in advance.
