Berkay,

thanks for your replay.

I want to have control over the access, because not everybody is supposed 
to access the data....

On the other hand I don't want, that users have to log on, because we have 
some executives accessing the data and they typically don't like barriers 
like log on windows ......

Regards
Matthias



> 
Matthias ,
Integrated Windows Authentication is the best security
method used in IIS. It's correct to popup a logon
window for the users in network.Because, the IWA looks
for an authenticated domain account.That is, if
someone logged to his/her machine with valid windows
domain account,and browsed your page then after,
he/she became authenticated but not complete.IWA also
includes the Basic Authentication like authorization,
that is, it popups the logon window.

What do you want to do explicitly? If you let everyone
access your pages and you suppose to get the value of
Request.ServerVariables("LOGON_USER"), this method
returns empty where the user logons to his/her machine
with local machine account not with a domain account.
Because Request.ServerVariables("LOGON_USER") looks
for a valid winNt/2K domain account and for that it
send you the logon popup window if you adjusted the
site setting as "uses Integrated Windows
Authentication". 

You must check the point for what to do . I see that,
in one side, you want anonymous access, on the other
side, you request the logon information. One method
includes "authorization information" , the other
"anonymous info".. These are different. You may want
to have a look at the analysis and security models
again , i think.

Berkay