The authenticated access method, Digest authentication, applies only to domain accounts on servers running Microsoft® Windows® Server 2003 and requires the accounts to store passwords using reversible encryption. Internet Information Services (IIS) sends a hash value rather than the password over the network, working across proxy servers and other firewalls.

Requirements for Digest Authentication

Before enabling Digest authentication on your server running IIS, ensure that all of the following minimum requirements are met. Only domain administrators can verify that the domain controller requirements are met. Check with your domain administrator if you are unsure about whether your domain controller meets the following requirements:

  • The user and the server running IIS must be members of, or be trusted by, the same domain.

  • Users must have a valid Windows user account stored in Active Directory® on the domain controller.

  • The domain must have a Windows 2000 or later domain controller.

  • The IIS server must be running a member of the Windows Server 2003 family or later.


Click to set the authentication method in IIS to Digest authentication.


Click to stop the operation and return to the previous dialog box to make another selection.

Related Topics

To learn more about user authentication and Digest authentication, see the IIS 6.0 online documentation on the Microsoft Windows Server TechCenter.