I have a directory with Basic HTTP Authentication. I want to know the file where the username and password are stored.
I search a lot and read tons of articles but I can't find the real answer. In Apache for example, it's stored in .htpasswd
Is it the same concept in IIS? meaning it's saved in a physical file like web.config or any other file type?
Basic authentication is kind of clear context user credential authentication. It use both local account and domain account without kerberos ticket and encryption.
Besides, it is not stored in IIS config file but operating system keep it. It is said that the file in system32/config store the user credential. But the file is encrypted so we can't open it easily.