HttpContext.Current.User is null even though Windows Authentication is on

Question

In IIS7 under Windows Server 2008, I have a virtual directory with anonymous access off and Windows authentication on. In my web.config, I have:

Answer 1

Anonymous access must be on if you don't use ssl or something your own security.