Request Authentication Scheme in IIS
Resource Access Authentication Scheme for IIS 6.0
Notes:
* If the IP address is prohibited, then the IIS process immediately returns " 403 Forbidden" ;
')
** NTFS rights are checked only for static resources. If the resource is “virtual” (for example, an ASP.NET MVC page), IIS sends the ISAPI control to the processor for files of this type (thanks to sse for the comment);
*** If the user has entered an incorrect login / password, then the status 401 is returned. The status 403 is returned in the following situations:
- when the user's IP address is added to the ban list;
- if the necessary access rights to the site are not installed (in the IIS console).
Notes:
* If the IP address is prohibited, then the IIS process immediately returns " 403 Forbidden" ;
')
** NTFS rights are checked only for static resources. If the resource is “virtual” (for example, an ASP.NET MVC page), IIS sends the ISAPI control to the processor for files of this type (thanks to sse for the comment);
*** If the user has entered an incorrect login / password, then the status 401 is returned. The status 403 is returned in the following situations:
- when the user's IP address is added to the ban list;
- if the necessary access rights to the site are not installed (in the IIS console).
Source: https://habr.com/ru/post/78242/
All Articles