What are the advantages and disadvantages?
when
anonymous authentication - enable
windows authentication - enable
can both values be enabled at the same time?
Setting them both enabled is necessary in some situation. I guess you want part of the website can be visit by anonymous authentication while some other part should be visit by windows authentication.
One situation is you can change the configuration in IIS sub folder level with only windows authentication enabled. Then visiting any resources in this folder will need windows authentication. Just note that every subfolder can have its folder level web.config. Besides, you need to unclock the applicationhost.conig override first:
<sectionGroup name="authentication">
<section name="anonymousAuthentication" overrideModeDefault="Allow" />
<section name="basicAuthentication" overrideModeDefault="Allow" />
<section name="clientCertificateMappingAuthentication" overrideModeDefault="Allow" />
<section name="digestAuthentication" overrideModeDefault="Allow" />
<section name="iisClientCertificateMappingAuthentication" overrideModeDefault="Allow" />
<section name="windowsAuthentication" overrideModeDefault="Allow" />
</sectionGroup>
The other situation is for WebApplication routing.
First you need nuget package:
using Microsoft.AspNetCore.Authentication.Negotiate;
Then add the authentication service in program.cs:
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme) .AddNegotiate();
For any controller route you want windows authentication, add a attribute [Authorize] on the top. such as:
[Authorize]
public IActionResult Privacy()
{
return View();
}
Then when you visit the route of privacy, it requires windows authentication. But other pages need not. In this situation, you need to set both anonymous authentication and windows authentication enabled.