Advanced Digest Authentication in IIS 6.0
Under Advanced Digest authentication, user credentials are stored on the domain controller, in Active Directory, as an MD5 hash. Because of this, user passwords cannot feasibly be discovered by anyone with access to the domain controller, not even by the domain administrator. Advanced Digest authentication is available to Web Distributed Authoring and Versioning (WebDAV) directories. In IIS 6.0, Advanced Digest authentication is preferred over Digest authentication, but Digest authentication is still available. Advanced Digest authentication relies on the HTTP 1.1 protocol.
Advanced Digest authentication uses the UseDigestSSP metabase property. This metabase key switches between the Digest code and the Advanced Digest Security Support Provider Interface (SSPI) code. After the key has been set, the only valid property values are 1 (true), 0 (false), or empty. If the property is set to true, the new SSPI code for Advanced Digest authentication is used. In all other cases (false, empty, or not set), IIS uses the Digest authentication code.
The World Wide Web Publishing Service (WWW service) must be restarted before changes to UseDigestSSP take effect.
Configuring Advanced Digest authentication on the server running IIS requires the following three tasks:
If you follow the first two procedures, but do not configure the UseDigestSSP metabase property, you will be using Digest authentication, not Advanced Digest authentication.
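The following added example (not Microsoft's code) applies the UseDigestSSP rule described above to a metabase export and lists the nodes where Digest is enabled, so an administrator can see whether they run Advanced Digest or have fallen back to Digest. The XML sample is constructed; its layout, the function names, and accepting "TRUE" as a rendering of 1 are assumptions. AuthMD5 is the AuthFlags value for Digest.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export. The element/attribute layout is an
# assumption modeled on an IIS 6.0 MetaBase.xml (one element per node, keyed
# by Location); {attr} lets the demo set or omit UseDigestSSP.
SAMPLE = """<configuration><MBProperty>
  <IIsWebService Location="/LM/W3SVC" {attr}/>
  <IIsWebServer Location="/LM/W3SVC/1" AuthFlags="AuthMD5 | AuthNTLM"/>
  <IIsWebServer Location="/LM/W3SVC/2" AuthFlags="AuthAnonymous"/>
</MBProperty></configuration>"""


def digest_mode(raw):
    """Map a UseDigestSSP value to the code path IIS uses, per the text above.

    raw is None when the property is not set at all.
    """
    # "TRUE" is accepted as an assumed textual rendering of 1 in the XML file.
    if raw is not None and raw.strip().upper() in ("1", "TRUE"):
        return "Advanced Digest"
    return "Digest"  # 0 (false), empty, or not set


def audit(xml_text):
    """Return (mode, nodes): the configured mode and the nodes it applies to,
    i.e. every node whose AuthFlags enables Digest (AuthMD5)."""
    root = ET.fromstring(xml_text)
    # Match on the Location attribute, not the tag, so XML namespaces do not matter.
    service = next(
        (e for e in root.iter() if e.get("Location") == "/LM/W3SVC"), None)
    mode = digest_mode(service.get("UseDigestSSP") if service is not None else None)
    nodes = []
    for elem in root.iter():
        flags = {f.strip() for f in elem.get("AuthFlags", "").split("|")}
        if "AuthMD5" in flags:
            nodes.append(elem.get("Location"))
    return mode, nodes


if __name__ == "__main__":
    for attr in ('UseDigestSSP="1"', 'UseDigestSSP="0"', 'UseDigestSSP=""', ""):
        mode, nodes = audit(SAMPLE.format(attr=attr))
        for node in nodes:
            note = "" if mode == "Advanced Digest" else "  <-- plain Digest in use"
            print(f"{attr or '(not set)':20} {node}: {mode}{note}")
    # The file shows configured state only: a change to UseDigestSSP takes
    # effect after the WWW service is restarted.
```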
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
To enable Advanced Digest authentication and configure the realm name for Windows domain servers
Configuration settings made at the Web Sites folder level can be inherited by all Web sites.