Stop annonymous access to web application
User creates a new Web page named Private.htm for the Web application. He saves the Web page in the C:\Inetpub\wwwroot folder on his computer. Private.htm should be accessible only to users who provide a valid user name and password. Other pages in the Web site should be accessible to anyone. Using his Web browser, user can access Private.htm without providing a user name or password. You need to ensure that users are required to provide a valid user name and password in order to access Private.htm.
We must allow anyone access the Web site. The only exception is the private.htm file that should be accessible only to users who provide a valid user name and password. We accomplish this by setting the appropriate NTFS permissions, the security permission, on the file private.htm. In this scenario the anonymous access check box on the Web site properties dialog box is selected. This permits people to access the Web site anonymously without any form of authentication.
Note: By using permissions we will prevent unauthorized people from access the Web site. Permissions rely on and Access Control List (ACL), which contains a list of all user accounts and groups that have been granted access to the Web site as well as the type of access that they have been granted. When a user attempts to gain access to the resource, the ACL must contain an entry for the user account or a group to which the user belongs. The entry must allow the type of access that is requested by the user before that user can gain access to the resource. If the access control entry does not exist or the entry does not match the type of access the user requests, the user will not be granted access to the resource.