You can implement Windows authentication through a module in the HTTP modules pipeline in IIS 7.x environment. This pipeline is a mixture of native modules shipping with IIS and managed modules shipping with ASP.NET. The big advantages of this model are:

1. You can use standard ASP.NET HTTP modules for all applications configured in IIS 7.x – even applications not based on ASP.NET

2. Unification of the configuration system, because you do not need to configure certain configuration options in IIS 7.x and ASP.NET separately.  You can do the entire configuration directly through the IIS management console. IIS performs the configuration in its central configuration store (applicationHost.config) and in the application’s web.config as necessary.

The next picture shows how in IIS 7.x you can configure the authentication methods via the authentication configuration feature of the management console:

 

Authentication configuration feature of IIS 7.x

Authentication configuration feature of IIS 7.x

You can easily enable or disable some authentication modules, such as the Windows authentication module, by clicking the appropriate link in the Actions task pane on the right border of the console. Other authentication modules, such as the Basic authentication module, offer more detailed settings by clicking the Edit link on the Actions task pane.

The next picture shows how to set default domain used for Basic authentication. This domain is used as a default domain if the user logs into the website without specifying a domain in the format DOMAIN\Username when logging in through the authentication dialog.

 

Configuring Basic authentication details

Configuring Basic authentication details

Whenever performing this configuration, IIS 7.x updates your application’s web.config file, and if necessary its central applicationHost.config configuration file.  By default, web server-specific modules are configured centrally in the applicationHost.config configuration file, and ASP.NET-based configurations are automatically updated in your application’s web.config file. In any case, that means after performing this configuration through the IIS 7.x management console you do not need to perform any additional, manual configuration steps in your application’s web.config.