active-directory windows-authentication iis-10 windows-server-2016

Windows Authentication : Which users are allowed

Windows Authentication, Windows Server 2016 (or any version really)

When this is turned on in IIS10 this just authenticates against Active Directory, the user does not necessarily need to be a user on the server that IIS is sitting on right ?

Sorry for the dumb question

Solution

this just authenticates against Active Directory

Yes and no. It's called "Windows Authentication" and not "Active Directory Authentication" for a reason. It allows the website to authenticate any account that the server is capable of authenticating.

If the server is joined to a domain, then that can be an Active Directory account on the same domain or on any domain that domain trusts.

But it can also be a local account that only exists on the server itself - and that is true whether or not the server is joined to an AD domain.

What's the difference between retrieving WindowsPrincipal from WindowsIdentity and Thread.CurrentPrincipal?
Automate joining Active Directory (AD) using Kerberos keytab?
How to replace all Active Directory account photos?
Can't Get Users' Active Directory Enabled Status in C#
Power Automate - Can't use Parse JSON Outputs
kinit: Invalid integer value while getting initial credentials
While trying to resolve a cross-store reference, the SID of the target principal could not be resolved. The error code is 1332
Get-ADGroup member count domain issue
Django Auth LDAP - Direct Bind using sAMAccountName
creating a user in Active Directory: A device attached to the system is not functioning
Cannot login with Kerberos principal not_used, check your credentials
Generate IDP Certificate in Azure AD for SSO
Why is my Spring LDAP search failing to return a user
Restrict Microsoft Azure App OAuth2.0 to Internal Users
I need to replace the path to a mapped network drive at a scheduled time. How do I do it?
LDAP authentication using Spring security 2.0.3
Symfony dont respect Active Directory constraint
Powershell Get-ADGroupMember and Get-ADUser
active directory filter with objectGUID encoded as specified in rfc2254 doesn't work
"Cannot find an overload" Error When Using System.DirectoryServices.ActiveDirectoryAccessRule in PowerShell
Adding users temporarily to Active Directory groups using PHP
Kerberos Keytab: Getting error while creating keytab for MSA on Active Directory
Need to export the output of powershell script of to csv file
Attempting to sort out Manager Name from Get-ADUser
How to resolve [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1 ]
PowerShell Find Members of Two Specific AD Groups
Why does Jenkins Active Directory lookup fail occasionally?
Copy/clone folder permissions to another folder (Windows)
extract specific string from the field returned
Password does not work after sleep