TFS 2013 IIS Default Authentication Setting

Recently a customer was having a problem with being prompt for user name and password every time they tried to access TFS.  After doing a little investigation, I found that the IIS default setting were changed. To the defense of the customer, I would have made the same guess for the authentication setting for the TFS top level website.

To get TFS back to not prompting for user name and password. We changed the authentication settings back to the Team Foundation Server default settings. Below are the default site settings.

In IIS click on Team Foundation Server node | Authentication

image

For the Team Foundation Server the Anonymous Authentication should be set to Enabled and the Windows Authentication set to Disabled.

image

At the tfs site node, the Anonymous Authentication should be set to Disable and the Windows Authentication set to Enabled.

image

Conclusion

There is a number of ways to secure TFS. The above is the default setting that would help on getting you back when making adjustments your TFS. 

Security in itself is a fine art. It’s a balance between not blocking your teams from doing their work, too not have the intellectual properties show up on your competitors site. What is the correct balance?  To give a consultant reply to this question. Well it depends.

Below are some of my favorite links that might shed some light on the TFS security model.

Team Foundation Server permissions

Trusts and Forests Considerations for Team Foundation Server

Team Foundation Server services and service accounts

One thought on “TFS 2013 IIS Default Authentication Setting

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s