Windows Authentication
This article is deprecated as of IIS Administration 2.0.0. and has been replaced by the appsettings security section
Out of the box, the Microsoft IIS Administration API utilizes IIS's windows authentication module to authenticate users. These settings are specified in the web.config file. The windows authentication module restricts access to the API to to users in the Administrators and IIS Administrators groups. By manipulating the web.config file, one can alter the requirements for windows authentication. If windows authentication is removed access tokens become the sole mechanism for security.
Browser Access
Depending on browser settings, users who access the API via the built-in API Explorer may notice a login prompt. This is the browser's mechanism for authenticating with windows credentials. Domain users should include their domain name when specifying their username, for example contoso\johndoe.