24Ara
IIS basic authentication uses local users, how should I prevent potential security issues?
I have a IIS website and I need to enable basic authentication on it. With nginx/apache, the authentication database is unrelated to local system, i.e can only be used to do basic auth, can't log in locally.
I only have one machine so I have to enable basic authentication on IIS, however it looks like I need to create a local user. So far the only thing I did is to prevent them from log on locally.
Is there anything else I should do in addition?
