I can attest that the updated Admin page does indeed prevent access to any of the functional links if you are not authenticated.
Problem is now I can't figure out how to get authenticated. I have set the permissions as shown: That would seem to match what's suggested in your docs since IUSR is excluded. But I do not get a login dialog when attempting to open the page - it just comes up with the security warning...
What am I missing?
--stein
Are you accessing the site from the server? There's a security policy that prevents authentication to work on localhost on Windows Server.
+++ Rick ---
No, I'm seeing this when hitting it from a remote client: http://70.167.40.88/wconnect/admin/admin.aspx
Note that there's no SSL on that box so I can't use https - don't know if that makes a difference?
--stein
Make sure Windows Authentication is enabled on the server and that you're using a valid account.
+++ Rick ---