IIS6 - HTTP redirect to HTTPS - how to disable authentication on the http

Currently I have two sites setup in IIS.

• Primary Site (Uses HTTPs and requires windows integrated authentication)
• Secondary Site (Uses HTTP and redirects to the HTTPs)

My problem is that if I set anonymous authentication on the HTTP redirect site, it just passes through to the HTTPS without requiring authenticatio开发者_运维百科n.

If I have windows integrated authentication setup on the redirect site, users are forced to authenticate on the HTTP site which voids the whole reason I want to use https (to encrypt authentication).

Any help is greatly appreciated!

You may have your HTTPS site mis-configured. Check to make sure that anonymous authentication is disabled on the HTTPS site (only Windows Integrated authentication checked). If both are checked, it will allow the anonymous request through without challenging the user for credentials.